[SECURITY] CVE-2025-53506 Apache Tomcat - DoS in HTTP/2

2025-07-10 Thread Mark Thomas
Correcting typo in fixed versions CVE-2025-53506 Apache Tomcat - DoS in HTTP/2 Severity: High Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.8 Apache Tomcat 10.1.0-M1 to 10.1.42 Apache Tomcat 9.0.0.M1 to 9.0.106 Description: An uncontrolled resource

[SECURITY] CVE-2025-52520 Apache Tomcat - DoS in multipart upload

2025-07-10 Thread Mark Thomas
Correcting typo in fixed versions CVE-2025-52520 Apache Tomcat - DoS in multipart upload Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.8 Apache Tomcat 10.1.0-M1 to 10.1.42 Apache Tomcat 9.0.0.M1 to 9.0.106 Description: For some unlikel

[SECURITY] CVE-2025-53506 Apache Tomcat - DoS in HTTP/2

2025-07-10 Thread Mark Thomas
CVE-2025-53506 Apache Tomcat - DoS in HTTP/2 Severity: High Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.8 Apache Tomcat 10.1.0-M1 to 10.1.42 Apache Tomcat 9.0.0.M1 to 9.0.106 Description: An uncontrolled resource consumption vulnerability if an HTT

[SECURITY] CVE-2025-52520 Apache Tomcat - DoS in multipart upload

2025-07-10 Thread Mark Thomas
CVE-2025-52520 Apache Tomcat - DoS in multipart upload Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.8 Apache Tomcat 10.1.0-M1 to 10.1.42 Apache Tomcat 9.0.0.M1 to 9.0.106 Description: For some unlikely configurations of multipart uploa

[SECURITY] CVE-2025-52434 Apache Tomcat - APR/native Connector crash leading to DoS

2025-07-10 Thread Mark Thomas
CVE-2025-49125 Apache Tomcat - APR/Native Connector crash leading to DoS Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.105 Description: A race condition on connection close could trigger a JVM crash when using the APR/Native connec

[ANN] Apache Tomcat 11.0.9 Available

2025-07-04 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.9. Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations specifications.

Re: Apache Tomcat 10.1.42 Cache-Control header changed when added security-constraint with transport-guarantee CONFIDENTIAL

2025-07-04 Thread Mark Thomas
the NonLoginAuthenticator. The authenticator is the only place I see Tomcat setting: Cache-Control: private Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h

Re: Apache Tomcat 10.1.42 Cache-Control header changed when added security-constraint with transport-guarantee CONFIDENTIAL

2025-07-03 Thread Mark Thomas
occurs for HTTP GET requests. Is this Tomcat 10 related behavior? As same app on Tomcat 9 with same security-constraint return the correct Headers. Different value for securePagesWithPragma on the authenticator for the two systems being tested? Mark

Re: Servlet 6.2 / Tomcat 12 - Welcome files

2025-06-25 Thread Mark Thomas
On 25/06/2025 14:07, Mark Thomas wrote: I think I need to look at the rules for merging welcome resources. That might prompt some changes to the PR. At the moment, a is almost certain to match since it will likely be using extension mapping making any welcome resources that follow

Re: Servlet 6.2 / Tomcat 12 - Welcome files

2025-06-25 Thread Mark Thomas
On 25/06/2025 09:17, Rémy Maucherat wrote: On Wed, Jun 25, 2025 at 9:19 AM Mark Thomas wrote: All, Servlet 6.2 intends to address a long standing (more than 10 years) issue with welcome files. Consider the following: - *.do is mapped to a servlet - welcome files are index.jsp, index.do The

Re: Servlet 6.2 / Tomcat 12 - Welcome files

2025-06-25 Thread Mark Thomas
might occur: web.xml has index.html index.do Then there is an included fragment index.htm So that we have a welcome-file after a welcome servlet in the final config. I think I need to look at the rules for merging welcome resources. That might prompt some changes to the PR. Mark -

Servlet 6.2 / Tomcat 12 - Welcome files

2025-06-25 Thread Mark Thomas
/20 Mark

Re: CSRF not working with 10.1.42 but it works with 10.1.39

2025-06-24 Thread Mark Thomas
CSRF protection implies that some form of authentication is in place. If all your multipart uploads are protected by authentication AND you trust all of your authenticated users then that will help you. Mark On Mon, 23 Jun 2025, 09:02 Mark Thomas, wrote: On 23/06/2025 01:17, Hrvoje Lončar

Re: CSRF not working with 10.1.42 but it works with 10.1.39

2025-06-23 Thread Mark Thomas
work. Note: It looks like the default for maxPartCount will increase from 10 to 50 in the next release round. Mark } On Sun, Jun 22, 2025 at 3:19 AM Hrvoje Lončar wrote: The actual problem now is my embedded Tomcat when I start my Spring Boot app from Eclipse STS: I get the same error,

Re: CSRF not working with 10.1.42 but it works with 10.1.39

2025-06-20 Thread Mark Thomas
On 20/06/2025 11:54, Hrvoje Lončar wrote: Thank you very much Mark Thomas. That was the case :( Absolutely weird to make such a major change in a minor release from NN.MM.39 to NN.MM.42 It was a response to a DoS security vulnerability. Feel free to add your views on what the defaults should be

Re: rewrite.config hot update?

2025-06-20 Thread Mark Thomas
On 11/06/2025 14:36, Troels Arvin wrote: Hello, On May 28th, Mark Thomas wrote: Define the Valve at the web application level in the web application's META-INF/context.xml (nested under ) rather than at the host level in server.xml Rewrite rules for that web application then go in WE

Re: Updating configTest to include shutdown port validation

2025-06-20 Thread Mark Thomas
System.exit(0); break; Appreciate feedback on whether this is a good idea to enhance the server.xml config validation check? I'm not yet convinced. Mark

Re: CSRF not working with 10.1.42 but it works with 10.1.39

2025-06-20 Thread Mark Thomas
and production instance. Anyone else having the same problem? Maybe related to: https://bz.apache.org/bugzilla/show_bug.cgi?id=69710 Try setting maxPartCount on the connector but be aware of DoS risks as the value gets higher. Mark Some technical info: - Ubuntu 24.04.2 LTS - nginx/1.2

Re: Unexpected behavior of dead-simple servlet

2025-06-20 Thread Mark Thomas
at/blob/9.0.97/java/org/apache/coyote/http11/Http11Processor.java#L878 Stepping through prepareResponse() should show you why chunked is being selected. Or at least point you in the right direction. Mark

Bugzilla now requires authentication

2025-06-19 Thread Mark Thomas
ave an ASF Bugzilla account, the link to create one is on the front page. Mark

Re: Tomcat GC overhead limit issue version-9.0.102.

2025-06-18 Thread Mark Thomas
nalyse the problem. You need to invest in a profiler (I use YourKit because they give free licenses to open source developers - other profilers are available) and use it to see where the memory is being used and understand w

Re: ThreadDump_p1lg512486.txt

2025-06-18 Thread Mark Thomas
see the thread dump. Ideally, you need to provide 3 thread dumps taken ~5s apart during a time the application was hung. Mark

Re: Unexpected behavior of dead-simple servlet

2025-06-18 Thread Mark Thomas
Filter or Valve are the most likely) that is committing the response before the content is written. Mark

Re: Problem after tomcat upgrade

2025-06-17 Thread Mark Thomas
See https://bz.apache.org/bugzilla/show_bug.cgi?id=69710 In short, you'll probably need to increase maxPartCount Mark On 17/06/2025 16:45, Stephen Booth wrote: I just updated my production servers from 9.0.104 to 9.0.106 and this broke my registration form with the following exception.

[SECURITY] CVE-2025-49125 Apache Tomcat - Security constraint bypass for pre/post-resources

2025-06-16 Thread Mark Thomas
CVE-2025-49125 Apache Tomcat - Security constraint bypass for pre/post-resources Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.7 Apache Tomcat 10.1.0-M1 to 10.1.41 Apache Tomcat 9.0.0.M1 to 9.0.105 Description: When using PreResou

[SECURITY] CVE-2025-49124 Apache Tomcat - Side-loading via Tomcat installer for Windows

2025-06-16 Thread Mark Thomas
CVE-2025-49124 Apache Tomcat - Side-loading via Tomcat installer for Windows Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.7 Apache Tomcat 10.1.0 to 10.1.41 Apache Tomcat 9.0.23 to 9.0.105 Description: During installation, the Tomcat in

[SECURITY] CVE-2025-48988 Apache Tomcat - DoS in multipart upload

2025-06-16 Thread Mark Thomas
CVE-2025-48988 Apache Tomcat - DoS in multipart upload Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.7 Apache Tomcat 10.1.0-M1 to 10.1.41 Apache Tomcat 9.0.0.M1 to 9.0.105 Description: Tomcat used the same limit for both request p

[SECURITY] CVE-2025-48976 Apache Tomcat - DoS in Commons FileUpload

2025-06-16 Thread Mark Thomas
CVE-2025-48976 Apache Tomcat - DoS in Commons FileUpload Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.7 Apache Tomcat 10.1.0-M1 to 10.1.41 Apache Tomcat 9.0.0.M1 to 9.0.105 Description: Apache Commons FileUpload provided a hard-c

Re: FileCountLimitExceededException with 10.1.42 / 11.0.8

2025-06-15 Thread Mark Thomas
On 14/06/2025 07:37, Fabian Hahn wrote: An easy way to increase the number of form input-fields past 10 for a multipart request in Tomcat 11.0.8 would be: /usr/local/tomcat/conf/server.xml ... ... Mark, is there a solution in HttpServlet#doPost, #init(), or @MultipartConfig

Re: TLS 1.3 and post handshake authentication (PHA)

2025-06-13 Thread Mark Thomas
ation (PHA) for HTTP/2..." ? No. Like the message says, the JSSE TLS 1.3 implementation does not support PHA. The message is correct. Mark

Re: FileCountLimitExceededException with 10.1.42 / 11.0.8

2025-06-13 Thread Mark Thomas
https://tomcat.apache.org/tomcat-11.0-doc/config/http.html You'll need to increase maxPartCount Mark On 13/06/2025 15:13, Matthias Reischenbacher wrote: Hi, after upgrading from 11.0.6 to 11.0.8 a form multi part POST stopped working with the exce

[ANN] Apache Tomcat 11.0.8 Available

2025-06-10 Thread Mark Thomas
.x so that they may provide feedback. The notable changes compared to 11.0.7 include: - Provide finer grained control of multi-part request processing via two new attributes on the Connector element. - Mark the JSP wrapper for reload after a failed compilation. - Update Tomcat Native to 2.0.9

Re: adding new SSL certificate without restarting tomcat

2025-06-03 Thread Mark Thomas
that is the case then you will need to code something yourself. It shouldn't be too hard to code something like the TLSCertificateReloadListener that watches a file and when it sees a change parses the file for a list of domains and then adds/removes them as necessary. Mark On 03-Jun-

Re: adding new SSL certificate without restarting tomcat

2025-06-03 Thread Mark Thomas
Why do you need to add/remove a certificate? Mark On 03/06/2025 09:15, Ivano Luberti wrote: Hi Mark, only problem to solve is to avoid restart upon adding/removal of an SSL certificate. On 29-May-25 09:38, Mark Thomas wrote: On 29/05/2025 07:59, Ivano Luberti wrote: Thanks Chris

[SECURITY] CVE-2025-46701 Apache Tomcat - CGI security constraint bypass

2025-05-29 Thread Mark Thomas
CVE-2025-46701 Apache Tomcat - CGI security constraint bypass Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.6 Apache Tomcat 10.1.0-M1 to 10.1.40 Apache Tomcat 9.0.0.M1 to 9.0.104 Description: When running on a case insensitive file syst

Re: adding new SSL certificate without restarting tomcat

2025-05-29 Thread Mark Thomas
em are you trying to solve? Depending on the problem, there may be other solutions. Mark Thanks everyone On 28-May-25 14:43, Christopher Schultz wrote: Ivano, On 5/28/25 4:17 AM, Ivano Luberti wrote: Thanks for all the responses. I try to be more clear. My server.xml configuration cont

Re: rewrite.config hot update?

2025-05-28 Thread Mark Thomas
On 28/05/2025 15:48, Troels Arvin wrote: Hello, Mark Thomas wrote: Try with per context rewrite rules rather than global ones. What does that mean? https://tomcat.apache.org/tomcat-11.0-doc/rewrite.html Define the Valve at the web application level in the web application's MET

Re: rewrite.config hot update?

2025-05-28 Thread Mark Thomas
work that way (even if it does). Mark On 28/05/2025 15:27, Troels Arvin wrote: Hello, Holger Klawitter wrote: In the context.xml you should be able to specify WEB-INF/rewrite.config It doesn't work. I've tried ${catalina.base}/conf/standalone/rewrite.configWatchedResourc

Re: adding new SSL certificate without restarting tomcat

2025-05-28 Thread Mark Thomas
d the configuration for that Connector. That should be a seamless process with no downtime. I'm using Tomcat 9 , but looking for solution also in tomcat 10 or 11. I'd expect the same solution to work for all but we need to understand the problem full

Re: Tcnative-2 PQC support

2025-05-28 Thread Mark Thomas
On 27/05/2025 19:20, federico bustamante wrote: Hi Mark, hope to find you well. Just following up, did you get the build working? I tried a few more times but I couldn't make any progress. Yes, all working. There is a Tomcat Native release in progress now with the Windows binaries built

Re: Tcnative-2 PQC support

2025-05-22 Thread Mark Thomas
On 22/05/2025 07:53, Mark Thomas wrote: On 21/05/2025 23:04, federico bustamante wrote: Yes, I don't have high hopes on make in it work on Ubuntu, but I thought of giving it a try using mingw-64. I'll report back. I've been building the Tomcat Native binaries for Windows for

Re: Tcnative-2 PQC support

2025-05-21 Thread Mark Thomas
rt back. I'll also start a discussion on dev@ about switching the convenience builds to use OpenSSL 3.5 since that is the new LTS version. Mark Fede On Wed, May 21, 2025, 18:20 Christopher Schultz < ch...@christopherschultz.net> wrote: Federico, On 5/21/25 2:22 PM, federico bus

Re: WebSocket session is never closed

2025-05-21 Thread Mark Thomas
) to signal to Tomcat that the session is being closed due to an error condition. It should stop additional error events being triggered. But both methods should work. Mark

Re: Tomcat 9, ClassCast exception

2025-05-21 Thread Mark Thomas
if needed. Remove javax.mail-1.6.2.jar and activation-1.1.jar from all web applications. Add those JARs to $CATALINA_BASE/lib That way when they get loaded they'll be loaded by Tomcat's common loader and visible to all web applicatio

Re: What is a reasonable performance degradation?

2025-04-30 Thread Mark Thomas
On 30/04/2025 16:17, Mark Thomas wrote: On 30/04/2025 14:59, Doug Whitfield wrote: Hi folks, This feature was added in 9.0.90: The system property org.apache.catalina.connector.RECYCLE_FACADES will now default to true if not specified, which will in turn set the default value for the

Re: What is a reasonable performance degradation?

2025-04-30 Thread Mark Thomas
they are doing. Perhaps something needs to be updated in their code, but in the meantime wondering what others have seen and what folks think is a reasonable degradation. Let me run some tests and I should be able to give you a reasonable upper bound. Mark

Re: When was the first stable GA release of Apache Tomcat 11.0.x?

2025-04-30 Thread Mark Thomas
Minor nit: Tomcat also supports: Jakarta Annotations Jakarta Debugging Support for Other Languages but we don't list them on the spec page. We probably should. Mark On 29/04/2025 15:36, William Crowell wrote: Chris, Beautiful answer and exactly what I was looking for. Thank you. Re

Re: [SECURITY] CVE-2025-31650 Apache Tomcat - DoS via invalid HTTP prioritization header

2025-04-29 Thread Mark Thomas
On 29/04/2025 08:16, Zdeněk Henek wrote: Hi, I have looked at the commits and all have in changes http2. Is this an issue in case we don't use http2? No. It only affects h2/h2c. Mark Thank you. Regards, Zdenek Henek On Mon, Apr 28, 2025 at 7:12 PM Mark Thomas wrote: CVE-2025-

[SECURITY] CVE-2025-31651 Apache Tomcat - Rewrite rule bypass

2025-04-28 Thread Mark Thomas
CVE-2025-31651 Apache Tomcat - Rewrite rule bypass Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.5 Apache Tomcat 10.1.0-M1 to 10.1.39 Apache Tomcat 9.0.0.M1 to 9.0.102 Description: For a subset of unlikely rewrite rule configurations, i

[SECURITY] CVE-2025-31650 Apache Tomcat - DoS via invalid HTTP prioritization header

2025-04-28 Thread Mark Thomas
CVE-2025-31650 Apache Tomcat - DoS via invalid HTTP prioritization header Severity: High Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M2 to 11.0.5 Apache Tomcat 10.1.10 to 10.1.39 Apache Tomcat 9.0.76 to 9.0.102 Description: Incorrect error handling for some i

Re: global web.xml question

2025-04-28 Thread Mark Thomas
iguration file gives the details, and web.xml references them. Will this approach not work for you? Or if we set it up so Tomcat is hosting 2 sites (www.sitea.com/myapp and www.siteb.com/myapp) and have the global web.xml with different settings based on host/site? As Mark says, "global is

Re: global web.xml question

2025-04-28 Thread Mark Thomas
Global is global. Mark

Re: Axis Fault, Xerces sees the webapp as stopped although it is running

2025-04-25 Thread Mark Thomas
ions and removals. 2. Move (don't copy) the Xerces JARs from WEB-INF/lib to $CATALINA_BASE/lib - you'll need to do this for all of your web applications. 3. Write a ServletContextListener that uses reflection to clear javax.xml.bind.DatatypeConve

Re: Help with Cluster Setup on Tomcat 9

2025-04-24 Thread Mark Thomas
the cluster tag might be the solution but I wanted to tap into the collective wisdom of the group on the best way forward. We can't just add the | | That could be quite a big change. Mark tag as it uses ip multicast which doesn't work in EC2 as there is no physical broadcast

Re: Axis Fault, Xerces sees the webapp as stopped although it is running

2025-04-24 Thread Mark Thomas
pplication shuts down and/or cause each reference chain to be created to the common class loader rather than the web application specific one. If you can provide a minimal web application that reproduces the issue, we can help with the above. Mark Simon On Tue, Apr 22, 2025 at 12:

Re: Axis Fault, Xerces sees the webapp as stopped although it is running

2025-04-22 Thread Mark Thomas
moving that code from the web application to $CATALINA_BASE/lib If it is a library the application is using, this is relatively simple. If it is the application then things get trickier. Mark

Re: State Synchronization without Serialization - Possible?

2025-04-22 Thread Mark Thomas
such a tool but that doesn't mean one doesn't exist. Mark

Re: Best practices to set heap memory

2025-04-22 Thread Mark Thomas
. Allocate that much memory to the Java heap. That should give GC the room it needs to operate efficiently. That exact multiplier may not apply to more modern GC algorithms. Every application is different. You'll need to do some testing to find out what

Re: Tomcat 9.0.104 Crashing at Startup on RHEL 8.4

2025-04-17 Thread Mark Thomas
ed: That looks like a JVM bug. One for your JVM vendor / RedHat depending on where you got it from. No obvious changes on the Tomcat side that might have triggered the bug. Mark Method_being_compiled=org/apache/catalina/webresources/StandardRoot.getResource( Ljava/lang/String;ZZ)Lorg/apach

Re: Apache Tomcat 12+

2025-04-17 Thread Mark Thomas
ff than on. If we were to implement today, it would probably be with panama and a native QUIC stack. HTH, MARK Rémy Regards, William Crowell This e-mail may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail

Re: Content type unknown after upgrading Tomcat 10.1.39 => 10.1.40

2025-04-17 Thread Mark Thomas
t contains the fix once I have implemented what I think is the fix. 2. You provide the simplest possible web application that reproduces the issue and I use that to test. Which approach works best for you? Mark

Re: About whether the described env is safe from CVE 2024-50379 and 56337

2025-04-16 Thread Mark Thomas
false on Tomcat9w.exe right? Correct. I am trying to avoid upgrade or restarting my Tomcat. Based on the information you have provided, that should not be necessary. Mark Best regards, Nguyen

Re: Classpath confusion between webapps

2025-04-14 Thread Mark Thomas
lications. That assumes there is a version that will work for all the web applications. If the web applications need different versions you will likely need a Tomcat instance for each version. HTH, Mark On 12/04/2025 21:22, Thad Humphries wrote: I have a problem that appears to be one webapp in

Re: 10.1.x [ANN] are missing for x >= 33

2025-04-10 Thread Mark Thomas
ments from a non-ASF email address. That is not allowed for announce lists. Any message MUST originate from an @apache.org address else it will be dropped. Mark

Re: 9.0.102 sessions

2025-04-10 Thread Mark Thomas
lse" %> I have tested it and it does stop the creation/incrementing. Great. Tx for providing feedback on the root cause of the problem. Mark Cheers Greg On 09/04/2025 19:29, Christopher Schultz wrote: Greg, On 4/9/25 7:22 AM, Greg Huber wrote: I have noticed that seems I have alo

Re: Exception: Server name value of host_name cannot have the trailing dot

2025-04-09 Thread Mark Thomas
t RFC 6066 states that the trailing dot should not be present so this JRE exception looks to be correct. Mark Is this supported in tomcat 11 or any way to bypass it ? javax.net.ssl.SSLProtocolException: Illegal server name, type=host_name(0), name=tomcat-login.osns.svc.cluster.local.,

Re: 9.0.102 sessions

2025-04-09 Thread Mark Thomas
It depends. Mark

Re: Monitoring Virtual Threads via JMX / MBeans in Tomcat

2025-04-09 Thread Mark Thomas
On 03/04/2025 13:05, Rose Mary P T wrote: HI Mark, Thanks for your response. I would like to seek your guidance regarding an issue I am encountering with my current Tomcat setup. Specifically, your recent suggestions appear to contradict my existing configuration. Could you kindly confirm

Re: Tomcat Clustering Roadmap And Max Node Limit

2025-04-09 Thread Mark Thomas
There are several presentations by me on the Tomcat website that discuss this. Maybe start with this one from slide 12. Slides: https://tomcat.apache.org/presentations/2013-02-acna-Apache-Tomcat-Clustering.pdf Video: https://www.youtube.com/watch?v=rX1zm11AXcA HTH, Mark On Fri, Apr 4, 2025 at 8:23 P

Re: EOL timeline for tomcat 9 and 10.1

2025-04-09 Thread Mark Thomas
/ Jakarta EE 12 and there does seem to be a desire within the Jakarta EE project for a faster release cadence. It remains to be seen how that translates into Tomcat releases but - as always - the community will be involved in - and have full visibility of - any discussions. Mark On Tue, 8

Re: HOWTO: the right way to configure security constraints to protect CGI scripts in web.xml

2025-04-08 Thread Mark Thomas
, required role="biz" In order to protect above endpoints via web.xml security-constraints mechanism, how shall I do? It should be as simple as this in your web.xml: Whether the below is correct depends on how the CGI Servlet is mapped. And the OP

Re: Using classes from forked packages

2025-04-04 Thread Mark Thomas
equest for confirmation. They are good questions but I will note the answers are all in the "API Stability" section of the release notes. Mark Best regards and have a nice weekend, Alexander

Re: Tomcat Clustering Roadmap And Max Node Limit

2025-04-04 Thread Mark Thomas
aManager is that the cluster traffic scales with the square of the number of nodes. For the BackupManager traffic scales linearly with the number of nodes. The limit of 4 is one of those values that should work with most applications. Depending on your application, the actual limit m

Re: Monitoring Virtual Threads via JMX / MBeans in Tomcat

2025-04-03 Thread Mark Thomas
On 28/03/2025 09:08, Rose Mary P T wrote: Hi Mark, Thank you for the confirmation. As per your suggestion, I have modified the deployed application so that it no longer spawns any threads but instead executes a few calls. Please clarify what you mean by "executes a few calls". Ad

Re: Tomcat 10.1 Upgrade & Uber JAR Error

2025-04-03 Thread Mark Thomas
issue in your code then maybe an issue in Jar scanning that identifies SCIs. No changes jump out as relevant for 10.1.23 and 10.1.39. Debugging the start up process is probably the quickest way to find the root cause. Mark On Sat, Feb 8, 2025 at 6:36 AM Tim N wrote: Looks like this last

Re: Additional Property File For Substitution Variables

2025-03-27 Thread Mark Thomas
that catalina.properties is read and the properties are added as system properties. The SystemPropertySource then finds them for the Digester. Mark Regards, William Crowell From: Sebastian Trost Date: Thursday, March 27, 2025 at 9:53 AM To: users@tomcat.apache.org Subject: Re: Additional

Re: Monitoring Virtual Threads via JMX / MBeans in Tomcat

2025-03-27 Thread Mark Thomas
f the application is creating the virtual threads then I'd suggest adding tracking for the current number of virtual threads to the application. Mark * The application was deployed in the TOMCAT_LOCATION/webapps directory and started on localhost. In Apache Tomcat 10.1.36, we added the

Re: NIO Thread Madness

2025-03-25 Thread Mark Thomas
On 25/03/2025 12:33, William Crowell wrote: Mark, I believe there is a proxy involved here that does TLS decrypt, but I noticed they had the redirectPort on the 8080 connector set to 8443. When you try to hit Tomcat directly over port 8080 using HTTP it is hung. Hmm. Both the Acceptor

Re: NIO Thread Madness

2025-03-25 Thread Mark Thomas
connect to Tomcat? HTTP and 8080? Are you connecting directly to Tomcat or is there a proxy involved at all? Mark Regards, William Crowell From: Christopher Schultz Date: Tuesday, March 25, 2025 at 7:20 AM To: users@tomcat.apache.org Subject: Re: NIO Thread Madness William, On 3/24/25 2:56 PM

Re: NIO Thread Madness

2025-03-25 Thread Mark Thomas
Can you provide those after the issue thread dumps? Privately is fine if you don't want to share them publicly. Tomcat not responding to any requests is something that shouldn't happen. I'd like to understand what is going on. Mark On 25/03/2025 10:22, William Crowell wrote

Re: NIO Thread Madness

2025-03-25 Thread Mark Thomas
and where they are waiting will (hopefully) tell you why they are waiting and point you towards a solution. Mark

Re: Verifying tomcat downloads: PGP keys unavailable at https://keys.openpgp.org

2025-03-19 Thread Mark Thomas
On 19/03/2025 18:51, Mark Thomas wrote: On 19/03/2025 14:52, Roberto Resoli wrote: Hello, I am trying to verify GPG signatures of recent tomcat downloads, but I noted that both Mark E D Thomas DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 Remy Maucherat

Re: Verifying tomcat downloads: PGP keys unavailable at https://keys.openpgp.org

2025-03-19 Thread Mark Thomas
On 19/03/2025 14:52, Roberto Resoli wrote: Hello, I am trying to verify GPG signatures of recent tomcat downloads, but I noted that both Mark E D Thomas DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 Remy Maucherat 48F8E69F6390C9F25CFEDCD268248959359E722B Are no more available on the https

Re: context path version number with parallel deployment

2025-03-18 Thread Mark Thomas
On 18/03/2025 08:02, Усманов Азат Анварович wrote: Mark, I was thinking more about Parallel deployment section of Tomcat Docs https://tomcat.apache.org/tomcat-9.0-doc/config/context.html Just a simple mention like " If you want to get the current webapp version number in a servlet you s

Re: context path version number with parallel deployment

2025-03-17 Thread Mark Thomas
i/org/apache/catalina/Globals.html Where else would you like to see it? The where may change which steps are required to update the docs. Mark From: Christopher Schultz Sent: 17 March 2025 17:40 To: users@tomcat.apache.org Subject: Re: context path version n

Re: [SECURITY] CVE-2025-24813 Potential RCE and/or information disclosure and/or information corruption with partial PUT

2025-03-12 Thread Mark Thomas
ity to score 0 for some users and 10 for others. We provide the criteria that enables you to determine if you are exposed and the possible consequences if you are. You then get to decide how concerned you want to be. Mark Darryl Baker, GSEC, GCLD (he/him/his) Sr. System Administra

Re: Has Tomcat 10 dropped support for using log4j2 as its default logger?

2025-03-11 Thread Mark Thomas
j/2.x/jakarta.html#replace-tomcat Thanks for this. I have added this link to Tomcat's logging documentation and it will be in the April release round. Mark

[SECURITY] CVE-2025-24813 Potential RCE and/or information disclosure and/or information corruption with partial PUT

2025-03-10 Thread Mark Thomas
CVE-2025-24813 Potential RCE and/or information disclosure and/or information corruption with partial PUT Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.2 Apache Tomcat 10.1.0-M1 to 10.1.34 Apache Tomcat 9.0.0.M1 to 9.0.98 Descrip

Re: net::ERR_HTTP2_PROTOCOL_ERROR with 10.1.30

2025-03-07 Thread Mark Thomas
On 07/03/2025 09:00, Boris Petrov wrote: Hi Mark, I'm looking at the 9.0.101 release notes and see this: Fix a race condition in the handling of HTTP/2 stream reset that could cause unexpected 500 responses. Could that be the same issue as this thread here and do you think it might

Re: Monitoring Virtual Threads via JMX / MBeans in Tomcat

2025-03-06 Thread Mark Thomas
omcat offer a way to isolate virtual thread metrics specific to Tomcat? No, because the JVM doesn't provide a mechanism to have multiple pools/groups/anything of virtual threads. Mark

Re: Async servlet and request recycle synchronization

2025-03-06 Thread Mark Thomas
appy to take a look. The current unit tests may provide some inspiration: https://github.com/apache/tomcat/blob/main/test/org/apache/catalina/nonblocking/TestNonBlockingAPI.java Mark I can forward that signal to the coordinator, but I must still wait for the "all clear" response. O

Re: Handling CloseNowException in Tomcat 9.0

2025-02-28 Thread Mark Thomas
quest/response faster. • What would be the implications if we just catch and log the exception without rethrowing it? Could this interfere with Tomcat’s expected behavior in any way? It shouldn't. Tomcat should mark the request/response as having an error so the request/response should

Re: tomcat 10.1.33 random rare 500 response status for http2 upgrade with tls

2025-02-26 Thread Mark Thomas
On 26/02/2025 12:04, Mark Thomas wrote: On 26/02/2025 08:16, Mark Thomas wrote: On 13/02/2025 10:04, Rémy Maucherat wrote: On Thu, Feb 13, 2025 at 9:41 AM Cenk Pekyaman wrote: We run tomcat on java17 with the embedded tomcat setup. We have http and https connectors and we have http2

Re: tomcat 10.1.33 random rare 500 response status for http2 upgrade with tls

2025-02-26 Thread Mark Thomas
On 26/02/2025 08:16, Mark Thomas wrote: On 13/02/2025 10:04, Rémy Maucherat wrote: On Thu, Feb 13, 2025 at 9:41 AM Cenk Pekyaman wrote: We run tomcat on java17 with the embedded tomcat setup. We have http and https connectors and we have http2 upgradeProtocol for both. We recently upgraded

Re: tomcat 10.1.33 random rare 500 response status for http2 upgrade with tls

2025-02-26 Thread Mark Thomas
w the "null" is not normal, the corresponding string exists in the resource bundle: stream.clientResetRequest=Client reset the stream before the request was fully read This is a Tomcat bug. The resource string was missing in 10.1.33 and was added for 10.1.35 onward

The future of Tomcat 9

2025-02-25 Thread Mark Thomas
earlier than* 31 March 2027. End of support for Tomcat 9.1.x has not been determined. At least 12 months notice will be provided for 9.1.x end of support. Kind regards, Mark on behalf of the Apache Tomcat committers

Re: AllowLiking below contex resources

2025-02-17 Thread Mark Thomas
y for 12.0.x onwards). Mark

[ANN] Apache Tomcat 11.0.4 Available

2025-02-17 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.4. Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations specifications.

Re: HTTP/2 support in Tomcat

2025-02-12 Thread Mark Thomas
mechanisms? My apologies but I didn't find details around this. Tomcat doesn't get a choice on how to do this. The available processes to start an HTTP/2 connection are defined by RFC 9113. Mark

Re: Reg: Tomcat temp file deletion

2025-02-11 Thread Mark Thomas
On 11/02/2025 12:42, Christopher Schultz wrote: Mark, On 2/7/25 3:42 AM, Mark Thomas wrote: On 06/02/2025 19:25, Jalaj Asher wrote: Hello, Is it ok to delete files from tomcat/temp folder  while the tomcat is running ? Generally, no. There are instances where that will break things. It
