Corruption of files uploaded with Safari when Tomcat has HTTP/2 enabled

2025-07-18 Thread Clint Carrion
Hi, I’ve discovered that in my web application files that are uploaded via a form with Safari (v18.5) and Tomcat (v11.0.9) has HTTP/2 enabled, they're being corrupted. If I use Chrome (v137.0.7151.122) they upload without error and if I disable HTTP/2 on Tomcat, the files will upload wi

Re: Server Vulnerabilities for Apache Tomcat 9.0.0.M1 < 9.0.98

2025-07-17 Thread Christopher Schultz
Hassan, On 7/17/25 1:04 PM, Jacobs, Hassan wrote: I am reaching out in regards to multiple vulnerabilities that we have found in our servers with you all. Is there a representative that we could speak with? You're speaking to the whole community. The ASF does not provide support through any

Re: Server Vulnerabilities for Apache Tomcat 9.0.0.M1 < 9.0.98

2025-07-17 Thread Robert Turner
If you haven't already, you should review: https://tomcat.apache.org/security-9.html Also consider migrating / upgrading to the most recent 9.0.x version. On Thu, Jul 17, 2025 at 1:05 PM Jacobs, Hassan wrote: > Greetings, > > > > I am reaching out in regards to multiple vulnerabilities that we

Server Vulnerabilities for Apache Tomcat 9.0.0.M1 < 9.0.98

2025-07-17 Thread Jacobs, Hassan
Greetings, I am reaching out in regards to multiple vulnerabilities that we have found in our servers with you all. Is there a representative that we could speak with? Very Respectfully, Hassan Jacobs SAP Analyst EZGO

Re: RHEL 10 Compatibility for Apache Tomcat 8.x, 9.x, 10.x, and 11.x

2025-07-16 Thread Coty Sutherland
Just wanted to +1 to Chris' comments as one of the folks Chris was referring to in the community :) I'd also add that Red Hat also runs lots of regression tests, integration tests, testing layered products that use tomcat, etc. that ensure the packaged version of tomcat works without

Re: RHEL 10 Compatibility for Apache Tomcat 8.x, 9.x, 10.x, and 11.x

2025-07-15 Thread Christopher Schultz
Bharath, On 7/15/25 3:11 AM, Cheruku, B.R. (Bharath) wrote: Thank you for your detailed response and the helpful information regarding Tomcat on RHEL 10. As a follow-up, do you or anyone in the community have similar insights or recommendations regarding running Apache HTTPD (httpd) on RHEL 10

Re: RHEL 10 Compatibility for Apache Tomcat 8.x, 9.x, 10.x, and 11.x

2025-07-15 Thread Cheruku, B.R. (Bharath)
Hi Chris, Thank you for your detailed response and the helpful information regarding Tomcat on RHEL 10. As a follow-up, do you or anyone in the community have similar insights or recommendations regarding running Apache HTTPD (httpd) on RHEL 10? Are there any known issues, limitations, or

Re: RHEL 10 Compatibility for Apache Tomcat 8.x, 9.x, 10.x, and 11.x

2025-07-14 Thread Christopher Schultz
Bharath, On 7/14/25 9:17 AM, Cheruku, B.R. (Bharath) wrote: I would like to ask if anyone in the community has experience running Apache Tomcat versions 8.x, 9.x, 10.x, or 11.x on Red Hat Enterprise Linux 10 (RHEL 10). Are there any known issues, limitations, or recommendations for these

RHEL 10 Compatibility for Apache Tomcat 8.x, 9.x, 10.x, and 11.x

2025-07-14 Thread Cheruku, B.R. (Bharath)
Hello, I would like to ask if anyone in the community has experience running Apache Tomcat versions 8.x, 9.x, 10.x, or 11.x on Red Hat Enterprise Linux 10 (RHEL 10). Are there any known issues, limitations, or recommendations for these versions on RHEL 10? Additionally, if there is any

Re: [SECURITY] CVE-2025-52520 Apache Tomcat - DoS in multipart upload

2025-07-11 Thread Christopher Schultz
Mark, Oops, I'm sorry I didn't see this correction and just sent one of my own. :( -chris On 7/10/25 3:18 PM, Mark Thomas wrote: Correcting typo in fixed versions CVE-2025-52520 Apache Tomcat - DoS in multipart upload Severity: Low Vendor: The Apache Software Foundation Version

[SECURITY] CVE-2025-52520 Apache Tomcat - DoS in multipart upload [CORRECTION]

2025-07-11 Thread Christopher Schultz
CVE-2025-52520 Apache Tomcat - DoS in multipart upload Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.8 Apache Tomcat 10.1.0-M1 to 10.1.42 Apache Tomcat 9.0.0.M1 to 9.0.106 Description: For some unlikely configurations of multipart

Re: [EXTERNAL] [SECURITY] CVE-2025-52520 Apache Tomcat - DoS in multipart upload

2025-07-11 Thread Christopher Schultz
Joey, On 7/10/25 3:14 PM, Joey Cochran wrote: Is this accurate? Versions Affected: Apache Tomcat 10.1.0-M1 to 10.1.42 Mitigation: - Upgrade to Apache Tomcat 10.1.32 or later Nope, this should be "Upgrade to 10.1.43 or later". Thanks for noticing; we'll get this corrected an

[SECURITY] CVE-2025-53506 Apache Tomcat - DoS in HTTP/2

2025-07-10 Thread Mark Thomas
Correcting typo in fixed versions CVE-2025-53506 Apache Tomcat - DoS in HTTP/2 Severity: High Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.8 Apache Tomcat 10.1.0-M1 to 10.1.42 Apache Tomcat 9.0.0.M1 to 9.0.106 Description: An uncontrolled resource

[SECURITY] CVE-2025-52520 Apache Tomcat - DoS in multipart upload

2025-07-10 Thread Mark Thomas
Correcting typo in fixed versions CVE-2025-52520 Apache Tomcat - DoS in multipart upload Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.8 Apache Tomcat 10.1.0-M1 to 10.1.42 Apache Tomcat 9.0.0.M1 to 9.0.106 Description: For some

Re: [EXTERNAL] [SECURITY] CVE-2025-52520 Apache Tomcat - DoS in multipart upload

2025-07-10 Thread Joey Cochran
Mark, Is this accurate? Versions Affected: Apache Tomcat 10.1.0-M1 to 10.1.42 Mitigation: - Upgrade to Apache Tomcat 10.1.32 or later Thanks! -Joey Joey Cochran Systems Administrator II Middleware Developer Information Technology

[SECURITY] CVE-2025-53506 Apache Tomcat - DoS in HTTP/2

2025-07-10 Thread Mark Thomas
CVE-2025-53506 Apache Tomcat - DoS in HTTP/2 Severity: High Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.8 Apache Tomcat 10.1.0-M1 to 10.1.42 Apache Tomcat 9.0.0.M1 to 9.0.106 Description: An uncontrolled resource consumption vulnerability if an

[SECURITY] CVE-2025-52520 Apache Tomcat - DoS in multipart upload

2025-07-10 Thread Mark Thomas
CVE-2025-52520 Apache Tomcat - DoS in multipart upload Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.8 Apache Tomcat 10.1.0-M1 to 10.1.42 Apache Tomcat 9.0.0.M1 to 9.0.106 Description: For some unlikely configurations of multipart

[SECURITY] CVE-2025-52434 Apache Tomcat - APR/native Connector crash leading to DoS

2025-07-10 Thread Mark Thomas
CVE-2025-49125 Apache Tomcat - APR/Native Connector crash leading to DoS Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.105 Description: A race condition on connection close could trigger a JVM crash when using the APR/Native

[ANN] Apache Tomcat 9.0.107 available

2025-07-04 Thread Rémy Maucherat
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.107. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.107 is a bugfix and

[ANN] Apache Tomcat 11.0.9 Available

2025-07-04 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.9. Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations specifications

[ANN] Apache Tomcat 10.1.43 Available

2025-07-04 Thread Christopher Schultz
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.43. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations specifications

Re: Restricting POST request size in Tomcat

2025-07-04 Thread Martin Konicsek
Hi Perplexity  wrote The maxPostSize attribute only applies to requests where Tomcat parses form data (e.g., application/x-www-form-urlencoded). For raw POST bodies (like application/json), maxPostSize may not be enforced by default in all Tomcat versions. If you need to restrict POST size

Restricting POST request size in Tomcat

2025-07-04 Thread S Abirami
Hi Team, We are looking into possibility of restricting the POST request size having content-type application/json in Tomcat. We want to ensure that attacker should not hit Rest API request directly with large request data. Expecting Tomcat application server level configuration should

Re: Apache Tomcat 10.1.42 Cache-Control header changed when added security-constraint with transport-guarantee CONFIDENTIAL

2025-07-04 Thread Mark Thomas
the NonLoginAuthenticator. The authenticator is the only place I see Tomcat setting: Cache-Control: private Mark

Re: Apache Tomcat 10.1.42 Cache-Control header changed when added security-constraint with transport-guarantee CONFIDENTIAL

2025-07-03 Thread Rolandas Karosas | Edrana Baltic
> Different value for securePagesWithPragma on the authenticator for the > two system being tested? No. authenticator is not used at all.

Re: Apache Tomcat 10.1.42 Cache-Control header changed when added security-constraint with transport-guarantee CONFIDENTIAL

2025-07-03 Thread Mark Thomas
On 03/07/2025 11:18, Rolandas Karosas | Edrana Baltic wrote: Hi, On Apache Tomcat 10.1.42 with configured SSL Connector web application with Spring, Spring Security returns the configured Default Spring Security Cache Control HTTP Response Headers Cache-Control: no-cache, no-store, max-age

Apache Tomcat 10.1.42 Cache-Control header changed when added security-constraint with transport-guarantee CONFIDENTIAL

2025-07-03 Thread Rolandas Karosas | Edrana Baltic
Hi, On Apache Tomcat 10.1.42 with configured SSL Connector web application with Spring, Spring Security returns the configured Default Spring Security Cache Control HTTP Response Headers Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: 0 But when I add to

Re: Monitoring Virtual Threads via JMX / MBeans in Tomcat

2025-06-26 Thread Rémy Maucherat
On Thu, Jun 26, 2025 at 6:23 AM Rose Mary P T wrote: > > Dear Rémy Maucherat, > > > > Thank you for your comments. I have another question: can we configure both > virtual threads and platform threads in the same Apache Tomcat server.xml > file? Specifically, is i

RE: Monitoring Virtual Threads via JMX / MBeans in Tomcat

2025-06-25 Thread Rose Mary P T
Dear Rémy Maucherat, Thank you for your comments. I have another question: can we configure both virtual threads and platform threads in the same Apache Tomcat server.xml file? Specifically, is it possible to set up one connector to support an application using virtual threads, and another

Re: Servlet 6.2 / Tomcat 12 - Welcome files

2025-06-25 Thread Christopher Schultz
Mark, On 6/25/25 9:58 AM, Mark Thomas wrote: On 25/06/2025 14:07, Mark Thomas wrote: I think I need to look at the rules for merging welcome resources. That might prompt some changes to the PR. At the moment, a is almost certain to match since it will likely be using extension mapping ma

Re: Servlet 6.2 / Tomcat 12 - Welcome files

2025-06-25 Thread Mark Thomas
On 25/06/2025 14:07, Mark Thomas wrote: I think I need to look at the rules for merging welcome resources. That might prompt some changes to the PR. At the moment, a is almost certain to match since it will likely be using extension mapping making any welcome resources that follow unneces

Re: Servlet 6.2 / Tomcat 12 - Welcome files

2025-06-25 Thread Mark Thomas
intention is that the index.jsp page should be used if present and index.do (which always maps to the servlet) used if it is not. However, a strict reading of the servlet spec requires that a 404 is returned if index.jsp is not present. Most containers have a workaround for this (Tomcat has

Re: Servlet 6.2 / Tomcat 12 - Welcome files

2025-06-25 Thread Mark Thomas
Tim, Thanks for looking at this. On 25/06/2025 13:55, Tim Funk wrote: This is a good cleanup. I have one question for confirmation, let's say we have this config: index.html index.do index.htm With -- request = /foo/ -- AND file exists of = /foo/index.htm Since index.htm exists, we'd process as /f

Re: Servlet 6.2 / Tomcat 12 - Welcome files

2025-06-25 Thread Tim Funk
This is a good cleanup. I have one question for confirmation, let's say we have this config: index.html index.do index.htm With -- request = /foo/ -- AND file exists of = /foo/index.htm Since index.htm exists, we'd process as /foo/index.htm despite it being "3rd" in the welcome file list since welcome

Re: Servlet 6.2 / Tomcat 12 - Welcome files

2025-06-25 Thread Rémy Maucherat
> The intention is that the index.jsp page should be used if present and > index.do (which always maps to the servlet) used if it is not. However, > a strict reading of the servlet spec requires that a 404 is returned if > index.jsp is not present. > > Most containers have a workaround for

Servlet 6.2 / Tomcat 12 - Welcome files

2025-06-25 Thread Mark Thomas
to the servlet) used if it is not. However, a strict reading of the servlet spec requires that a 404 is returned if index.jsp is not present. Most containers have a workaround for this (Tomcat has resourceOnlyServlets) but Servlet 6.2 intends to fix this properly by introducing a new element

Re: Need confirmation about CVE-2025-48988 impacting Tomcat 9.0.10x related to CVE-2025-48976.

2025-06-23 Thread Rémy Maucherat
case, do we still need to > update the Apache Tomcat to 9.0.106, 10.1.42 & 11.0.8 which has > CVE-2025-48988 fixed ? > Or is it not needed to update the Tomcat to these versions ? You need to upgrade Tomcat since it uses its own internal copy of fileupload to process the Servlet API mult

Need confirmation about CVE-2025-48988 impacting Tomcat 9.0.10x related to CVE-2025-48976.

2025-06-23 Thread Charpe, Anil
Hi, It is about the CVE-2025-48988 mentioned in the email subject. I have a question that- if we update the "Apache Commons FileUpload" jar to the version which fixes the CVE-2025-48976; in that case, do we still need to update the Apache Tomcat to 9.0.106, 10.1.42 & 11.0.8

Re: Monitoring Virtual Threads via JMX / MBeans in Tomcat

2025-06-19 Thread Rémy Maucherat
eturned the wrong value for NIO. This is fixed. Let us know if you find other problems. Rémy > Looking forward to your response > > Regards, > Rose Mary > > From: Rose Mary P T > Date: Tuesday, 20 May 2025 at 4:07 PM > To: Tomcat Users List > Subject: [EXTERNAL] RE: Mo

Re: Tomcat GC overhead limit issue version-9.0.102.

2025-06-18 Thread Mark Thomas
On 18/06/2025 15:11, Raviteja Karanam wrote: TCS Confidential Not any more it isn't. You posted this question to a public mailing list. Hi Tomcat Team, We have recently upgraded the tomcat version from apache-tomcat-9.0.80 to apache-tomcat-9.0.102. After upgrade we are facing the

Tomcat GC overhead limit issue version-9.0.102.

2025-06-18 Thread Raviteja Karanam
TCS Confidential Hi Tomcat Team, We have recently upgraded the tomcat version from apache-tomcat-9.0.80 to apache-tomcat-9.0.102. After upgrade we are facing the issue java.lang.OutOfMemoryError:GC overhead limit execeeded. We have added the space from 4 GB to 8 GB but still issue exist

Re: Problem after tomcat upgrade

2025-06-17 Thread Stephen Booth
On 17/06/2025 17:29, Mark Thomas wrote: In short, you'll probably need to increase maxPartCount Thanks, that's fixed it. Stephen == |epcc| Dr Stephen P Booth Principal Architect

Re: Problem after tomcat upgrade

2025-06-17 Thread Mark Thomas
See https://bz.apache.org/bugzilla/show_bug.cgi?id=69710 In short, you'll probably need to increase maxPartCount Mark On 17/06/2025 16:45, Stephen Booth wrote: I just updated my production servers from 9.0.104 to 9.0.106 and this broke my registration form with the following exception. Stack

Problem after tomcat upgrade

2025-06-17 Thread Stephen Booth
I just updated my production servers from 9.0.104 to 9.0.106 and this broke my registration form with the following exception. Stack Trace: org.apache.tomcat.util.http.fileupload.impl.FileCountLimitExceededException: attachment at org.apache.tomcat.util.http.fileupload.FileUploadBase

RE: [SECURITY] CVE-2025-49125 Apache Tomcat - Security constraint bypass for pre/post-resources

2025-06-17 Thread Marco Krammer
[like] Marco Krammer reacted to your message: From: Mark Thomas Sent: Monday, June 16, 2025 1:59:33 PM To: Tomcat Users List Cc: annou...@apache.org ; annou...@tomcat.apache.org ; Tomcat Developers List Subject: [SECURITY] CVE-2025-49125 Apache Tomcat

[SECURITY] CVE-2025-49125 Apache Tomcat - Security constraint bypass for pre/post-resources

2025-06-16 Thread Mark Thomas
CVE-2025-49125 Apache Tomcat - Security constraint bypass for pre/post-resources Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.7 Apache Tomcat 10.1.0-M1 to 10.1.41 Apache Tomcat 9.0.0.M1 to 9.0.105 Description: When using

[SECURITY] CVE-2025-49124 Apache Tomcat - Side-loading via Tomcat installer for Windows

2025-06-16 Thread Mark Thomas
CVE-2025-49124 Apache Tomcat - Side-loading via Tomcat installer for Windows Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.7 Apache Tomcat 10.1.0 to 10.1.41 Apache Tomcat 9.0.23 to 9.0.105 Description: During installation, the Tomcat

[SECURITY] CVE-2025-48988 Apache Tomcat - DoS in multipart upload

2025-06-16 Thread Mark Thomas
CVE-2025-48988 Apache Tomcat - DoS in multipart upload Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.7 Apache Tomcat 10.1.0-M1 to 10.1.41 Apache Tomcat 9.0.0.M1 to 9.0.105 Description: Tomcat used the same limit for both request

[SECURITY] CVE-2025-48976 Apache Tomcat - DoS in Commons FileUpload

2025-06-16 Thread Mark Thomas
CVE-2025-48976 Apache Tomcat - DoS in Commons FileUpload Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.7 Apache Tomcat 10.1.0-M1 to 10.1.41 Apache Tomcat 9.0.0.M1 to 9.0.105 Description: Apache Commons FileUpload provided a hard

Re: [tomcat] Odd behavior enumerating http headers

2025-06-11 Thread Christopher Schultz
Alex, On 6/10/25 6:54 PM, Alex O'Ree wrote: Greetings I'm running tomcat v9.0.105 with a CXF based SOAP service (you know, the old school JAXWS services). Within that service, I had a need to retrieve a specific http header and i've been running into some inconsistent results. Th

[tomcat] Odd behavior enumerating http headers

2025-06-10 Thread Alex O'Ree
Greetings I'm running tomcat v9.0.105 with a CXF based SOAP service (you know, the old school JAXWS services). Within that service, I had a need to retrieve a specific http header and i've been running into some inconsistent results. The tomcat server is sitting behind a nginx pro

[ANN] Apache Tomcat 11.0.8 Available

2025-06-10 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.8. Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations specifications

[ANN] Apache Tomcat 9.0.106 available

2025-06-10 Thread Rémy Maucherat
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.106. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.106 is a bugfix and

[ANN] Apache Tomcat 10.1.42 Available

2025-06-09 Thread Christopher Schultz
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.42. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations specifications

Re: Tomcat Performance from JMX data

2025-06-04 Thread Zdeněk Henek
w the ant tasks in the Tomcat documentation. Does anyone know of > something more ready to go out of the box, so to speak? > > > Regards > Mark Resh >

Re: Tomcat Performance from JMX data

2025-06-04 Thread Christopher Schultz
Mark, On 6/4/25 1:43 PM, Timothy Resh wrote: I have a production server with JMX enabled. However, we cannot install any additional software to do performance monitoring. We can, however, extract data from the MBeans and transfer it elsewhere for analysis. I saw the ant tasks in the Tomcat

Tomcat Performance from JMX data

2025-06-04 Thread Timothy Resh
ALCON, I have a production server with JMX enabled. However, we cannot install any additional software to do performance monitoring. We can, however, extract data from the MBeans and transfer it elsewhere for analysis. I saw the ant tasks in the Tomcat documentation. Does anyone know of

Re: adding new SSL certificate without restarting tomcat

2025-06-03 Thread Ivano Luberti
n the certificate is no concern. But if I add (or remove) a new SSLHostConfig, tomcat needs to be restarted in order to take into account the new configuration. I would like to know if there is a way to configure tomcat to avoid restart. Even using a different way to configure tomcat o

Re: adding new SSL certificate without restarting tomcat

2025-06-03 Thread Mark Thomas
. But if I add (or remove) a new SSLHostConfig, tomcat needs to be restarted in order to take into account the new configuration. I would like to know if there is a way to configure tomcat to avoid restart. Even using a different way to configure tomcat outside of server.xml using a different cert

Re: adding new SSL certificate without restarting tomcat

2025-06-03 Thread Ivano Luberti
tificate renewal, reloading the certificate is no concern. But if I add (or remove) a new SSLHostConfig, tomcat needs to be restarted in order to take into account the new configuration. I would like to know if there is a way to configure tomcat to avoid restart. Even using a different way to c

Re: adding new SSL certificate without restarting tomcat

2025-06-03 Thread Mark Thomas
like this certificateKeystoreFile="/etc/ssl/LetsEncrypt/host domain.it/host domain.it.pfx" certificateKeystorePassword="passwrod" certificateKeystoreType="PKCS12" /> after certificate renewal, reloading the certificate is no concern. But if I add (or remove) a new SSLHo

Re: adding new SSL certificate without restarting tomcat

2025-06-03 Thread Ivano Luberti
fter certificate renewal, reloading the certificate is no concern. But if I add (or remove) a new SSLHostConfig, tomcat needs to be restarted in order to take into account the new configuration. I would like to know if there is a way to configure tomcat to avoid restart. Even using a differ

Re: [SECURITY] CVE-2025-46701 Apache Tomcat - CGI security constraint bypass

2025-05-30 Thread Justin Chen
Per original reports from Greg K, pathInfo is not the only weakness. From: Mark Thomas Sent: Friday, May 30, 2025 3:02 To: Tomcat Users List Cc: annou...@apache.org; annou...@tomcat.apache.org; Tomcat Developers List Subject: [SECURITY] CVE-2025-46701

[SECURITY] CVE-2025-46701 Apache Tomcat - CGI security constraint bypass

2025-05-29 Thread Mark Thomas
CVE-2025-46701 Apache Tomcat - CGI security constraint bypass Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.6 Apache Tomcat 10.1.0-M1 to 10.1.40 Apache Tomcat 9.0.0.M1 to 9.0.104 Description: When running on a case insensitive file

Re: adding new SSL certificate without restarting tomcat

2025-05-29 Thread Mark Thomas
ertificate is no concern. But if I add (or remove) a new SSLHostConfig, tomcat needs to be restarted in order to take into account the new configuration. I would like to know if there is a way to configure tomcat to avoid restart. Even using a different way to configure tomcat outside of serve

Re: adding new SSL certificate without restarting tomcat

2025-05-29 Thread Ivano Luberti
te renewal, reloading the certificate is no concern. But if I add (or remove) a new SSLHostConfig, tomcat needs to be restarted in order to take into account the new configuration. I would like to know if there is a way to configure tomcat to avoid restart. Even using a different way to c

Re: adding new SSL certificate without restarting tomcat

2025-05-28 Thread Christopher Schultz
t.pfx" certificateKeystorePassword="passwrod" certificateKeystoreType="PKCS12" /> after certificate renewal, reloading the certificate is no concern. But if I add (or remove) a new SSLHostConfig, tomcat needs to be restarted in order to take into account the new configuration. I

Re: adding new SSL certificate without restarting tomcat

2025-05-28 Thread Ivano Luberti
tificateKeystoreType="PKCS12" /> after certificate renewal, reloading the certificate is no concern. But if I add (or remove) a new SSLHostConfig, tomcat needs to be restarted in order to take into account the new configuration. I would like to know if there is a way to configu

Re: adding new SSL certificate without restarting tomcat

2025-05-28 Thread Michael Osipov
On 2025/05/27 20:11:25 Ivano Luberti wrote: > Hi all, is there a way to configure tomcat in order to avoid restart > when I change the list of ssl certificates? > > I know and I do it, how to reload existing certificates, but I'm > searching a way to avoid reloading wh

Re: adding new SSL certificate without restarting tomcat

2025-05-28 Thread Mark Thomas
On 27/05/2025 21:11, Ivano Luberti wrote: Hi all, is there a way to configure tomcat in order to avoid restart when I change the list of ssl certificates? Which list of certificates? There are several. Exactly what are you changing? Are you adding a cert to a keystore, adding a PEM file to a

Re: Tomcat 9.0.x support Java 17 ?

2025-05-28 Thread Zdeněk Henek
Hi, here is all you need https://tomcat.apache.org/whichversion.html We run Tomcat 9 even with OpenJDK 21. Regards, Zdenek Henek On Wed, May 28, 2025 at 5:04 AM dineshk wrote: > Hi Team, > Could anybody clarify on if we could use Java 17 with Java EE specs with > tom

Tomcat 9.0.x support Java 17 ?

2025-05-27 Thread dineshk
Hi Team, Could anybody clarify on if we could use Java 17 with Java EE specs with tomcat 9.0.x? Regards, Dinesh

adding new SSL certificate without restarting tomcat

2025-05-27 Thread Ivano Luberti
Hi all, is there a way to configure tomcat in order to avoid restart when I change the list of ssl certificates? I know and I do it, how to reload existing certificates, but I'm searching a way to avoid reloading when I add or remove a certificate. I'm using Tomcat 9 , but l

Re: Apache Tomcat 9 SAML Setup With Active Directory

2025-05-22 Thread Christopher Schultz
William, On 4/9/25 11:09 AM, William Crowell wrote: Is there any current up-to-date documentation on how to setup Apache Tomcat 9 with SAML and Active Directory that is not AI generated? I know you can do Keycloak IdP with Tomcat, but I was trying to avoid setting up an identity provider. I

Re: Tomcat 9, ClassCast exception

2025-05-21 Thread Mark Thomas
On 21/05/2025 13:44, Zdeněk Henek wrote: Hello, I am getting these errors in one of our systems: java.lang.ClassCastException: class com.sun.mail.handlers.text_html cannot be cast to class javax.activation.DataContentHandler (com.sun.mail.handlers.text_html is in unnamed module of loader org.ap

Re: Tomcat 9, ClassCast exception

2025-05-21 Thread Zdeněk Henek
/activation-1.1.jar [558992.846s][info][class,load] javax.activation.DataContentHandler source: file:/mnt/app/tomcat/webapps/app4/WEB-INF/lib/activation-1.1.jar (0) $ grep com.sun.mail.handlers.text_html classloaded.log [5436.558s][info][class

Tomcat 9, ClassCast exception

2025-05-21 Thread Zdeněk Henek
Tomcat 9.0.102, OpenJDK Runtime Environment Temurin-21.0.6+7 (build 21.0.6+7-LTS), RHEL 9.5 Linux The functionality has a number of threads in the thread pool and only one of the threads is causing this issue. Other threads are working as expected. I am aware of duplicated jar files (even the same

RE: Monitoring Virtual Threads via JMX / MBeans in Tomcat

2025-05-20 Thread Rose Mary P T
From: Rose Mary P T Date: Tuesday, 20 May 2025 at 4:07 PM To: Tomcat Users List Subject: [EXTERNAL] RE: Monitoring Virtual Threads via JMX / MBeans in Tomcat HI Mark, Just a gentle reminder regarding my previous message. I’m following up to see if there’s any update on this. Please let me know

RE: Monitoring Virtual Threads via JMX / MBeans in Tomcat

2025-05-20 Thread Rose Mary P T
2025 at 7:08 PM To: Tomcat Users List , ma...@apache.org Subject: [EXTERNAL] RE: Monitoring Virtual Threads via JMX / MBeans in Tomcat Dear Tomcat Users/Mark, I was finally able to retrieve the thread name from the workerThreadName attribute in RequestProcessor.tomcatExecutor for a request. In order

Re: generating local maven archetypes from tomcat sources

2025-05-13 Thread Ernesto Reinaldo Barreiro
Found https://github.com/apache/tomcat/blob/main/res/maven/README.txt On Tue, May 13, 2025 at 1:28 PM Ernesto Reinaldo Barreiro < reier...@gmail.com> wrote: > Hi, > > I cloned/forked tomcat sources and the build is ANT based. Question. I > managed to generate a build but I wan

generating local maven archetypes from tomcat sources

2025-05-13 Thread Ernesto Reinaldo Barreiro
Hi, I cloned/forked tomcat sources and the build is ANT based. Question. I managed to generate a build but I want to install in my local maven repositories a distribution of the jar files with this "SNAPSHOT" version. Is there some "ready" ant task I can use to do so? -

Re: multipart and Apache Tomcat 11

2025-05-13 Thread Ernesto Reinaldo Barreiro
0-SNAPSHOT. And we will be able to use tomcat 11... as soon as Wicket 10.6.0 is released... But while doing this work I realized Tomcat already has an upload progress listening machinery. What I didn't find is a way to hack into the coyote Request and plug in a custom listener. Thus, I just cre

Re: Tomcat 10.1 Upgrade & Uber JAR Error

2025-05-12 Thread Tim N
The issue occurred again in Tomcat v10.1.40 but is fixed again in Tomcat v10.1.41 On Thu, Apr 3, 2025 at 7:52 PM Mark Thomas wrote: > On 03/04/2025 05:34, Tim N wrote: > > That should have been > >> Looks like this last worked Tomcat v10.1.20 and first failed v10.1.23 > &

Re: [ANN] Apache Tomcat 9.0.105 available

2025-05-12 Thread Robert F Hall
> On May 12, 2025, at 2:01 PM, Rémy Maucherat wrote: > > The Apache Tomcat team announces the immediate availability of Apache > Tomcat 9.0.105. > > Apache Tomcat 9 is an open source software implementation of the Java > Servlet, JavaServer Pages, Java Unified Expr

[ANN] Apache Tomcat 9.0.105 available

2025-05-12 Thread Rémy Maucherat
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.105. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.104 is a bugfix and

Re: multipart and Apache Tomcat 11

2025-05-06 Thread Ernesto Reinaldo Barreiro
Hi, It seems this happens also with tomcat 10.1.x under certain circumstances. I have created https://github.com/reiern70/file-upload-broken to illustrate the problem. Hope this helps reproduce the problem. If I can further assist getting this "fixed" please let me know On Fri, May 2,

Re: Content type unknown after upgrading Tomcat 10.1.39 => 10.1.40

2025-05-05 Thread Christopher Schultz
Thorsten, On 5/2/25 2:49 PM, Thorsten Heit wrote: please excuse the long delay in answering (unplanned holidays...) Tomcat is never going to figure out what MIME type should be used for a request like "/my/servlet/app?version=!!1.22.32-4-g8a3c060!!" So I think Mark is probably r

Re: multipart and Apache Tomcat 11

2025-05-02 Thread Ernesto Reinaldo Barreiro
; > application works as expected with the latest Tomcat 10.1.40. But our > > application does not work with Tomcat 11.0.6 because file upload > (multipart > > processing is broken). > > > > Apache wicket 10.x uses fileupload2.jakarta.servlet5 thus I create a > br

Re: Content type unknown after upgrading Tomcat 10.1.39 => 10.1.40

2025-05-02 Thread Thorsten Heit
Hi Chris, please excuse the long delay in answering (unplanned holidays...) Tomcat is never going to figure out what MIME type should be used for a request like "/my/servlet/app?version=!!1.22.32-4-g8a3c060!!" So I think Mark is probably right (well, he's right like 99.999% o

Re: multipart and Apache Tomcat 11

2025-05-02 Thread Christopher Schultz
Ernesto, On 5/1/25 8:51 PM, Ernesto Reinaldo Barreiro wrote: We have an Apache Wicket application that I just ported to wicket 10. The application works as expected with the latest Tomcat 10.1.40. But our application does not work with Tomcat 11.0.6 because file upload (multipart processing is

Re: Help with Cluster Setup on Tomcat 9

2025-05-02 Thread Christopher Schultz
short window from when tomcat creates a new session and when it is persisted to db which under heavy loads duplicates can be created. Each node generates a session identifier for itself, and the (default) session id space is quite large (2^128 bits or 340282366920938463463374607431768211456

Re: [EXT]multipart and Apache Tomcat 11

2025-05-02 Thread Ernesto Reinaldo Barreiro
Hi, Thank you very much for your email. My answers inlined. On Fri, May 2, 2025 at 6:54 AM Rick Noel wrote: > We had the same issue when going to Tomcat 11. > > You need to make two changes. > 1) get the request params passed in via. > jakarta.servlet.http.P

RE: [EXT]multipart and Apache Tomcat 11

2025-05-02 Thread Rick Noel
We had the same issue when going to Tomcat 11. You need to make two changes. 1) get the request params passed in via. jakarta.servlet.http.Part Like so. import jakarta.servlet.http.Part; Part fileUpload = request.getPart("param-name"); if(null !=

Re: Help with Cluster Setup on Tomcat 9

2025-05-01 Thread Zoran Avtarovski
Thanks Chris, I appreciate your input. In answer to your questions the primary issue we are experiencing is that on occasions (once a month or two) we will get two users on different nodes with the same session id. We suspect this could be because there is a short window from when tomcat

multipart and Apache Tomcat 11

2025-05-01 Thread Ernesto Reinaldo Barreiro
Hi, We have an Apache Wicket application that I just ported to wicket 10. The application works as expected with the latest Tomcat 10.1.40. But our application does not work with Tomcat 11.0.6 because file upload (multipart processing is broken). Apache wicket 10.x uses fileupload2

Re: When was the first stable GA release of Apache Tomcat 11.0.x?

2025-04-30 Thread Mark Thomas
Minor nit: Tomcat also supports: Jakarta Annotations Jakarta Debugging Support for Other Languages but we don't list them on the spec page. We probably should. Mark On 29/04/2025 15:36, William Crowell wrote: Chris, Beautiful answer and exactly what I was looking for. Thank you. Re

Re: When was the first stable GA release of Apache Tomcat 11.0.x?

2025-04-29 Thread William Crowell
Chris, Beautiful answer and exactly what I was looking for. Thank you. Regards, William Crowell From: Christopher Schultz Date: Tuesday, April 29, 2025 at 10:32 AM To: Tomcat Users List , William Crowell Subject: Re: When was the first stable GA release of Apache Tomcat 11.0.x? William

Re: When was the first stable GA release of Apache Tomcat 11.0.x?

2025-04-29 Thread Christopher Schultz
William, On 4/29/25 7:04 AM, William Crowell wrote: Just for my clarification: When was the first stable GA release of Apache Tomcat 11.0.x? I believe it was October 9th, 2024, but I did see the Jakarta EE Platform Web Profile 11 was released on March 30th, 2025: https://projects.eclipse.org

When was the first stable GA release of Apache Tomcat 11.0.x?

2025-04-29 Thread William Crowell
Good morning, Just for my clarification: When was the first stable GA release of Apache Tomcat 11.0.x? I believe it was October 9th, 2024, but I did see the Jakarta EE Platform Web Profile 11 was released on March 30th, 2025: https://projects.eclipse.org/projects/ee4j.jakartaee-platform
