About whether the described env is safe from CVE 2024-50379 and 56337

2025-04-16 Thread Nguyen Duong
Hi Tomcat team I am really sorry to bother you regarding this fix for Tomcat 9.0.98 revolving around the following CVEs, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50379 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56337 (★) My question is if we install our Tomcat 9.0.97 (o

Content type unknown after upgrading Tomcat 10.1.39 => 10.1.40

2025-04-16 Thread Thorsten Heit
Hi all, long time Tomcat user, but first time I'm posting, so hi to you all :-) I'm suffering a strange phenomenon after I upgraded Tomcat on one of our virtual machines from 10.1.39 to 10.1.40: When I open the link to an application being served by Tomcat my browser (Firefox) now downloads

Re: Content type unknown after upgrading Tomcat 10.1.39 => 10.1.40

2025-04-16 Thread Christopher Schultz
Thorsten, On 4/16/25 2:35 PM, Thorsten Heit wrote: long time Tomcat user, but first time I'm posting, so hi to you all :-) I'm suffering a strange phenomenon after I upgraded Tomcat on one of our virtual machines from 10.1.39 to 10.1.40: When I open the link to an application being served by

Re: Content type unknown after upgrading Tomcat 10.1.39 => 10.1.40

2025-04-16 Thread Thorsten Heit
Hi Chris, That definitely sounds odd. Do you have anything on the network between the client (browser) and the server (Tomcat)? Specifically, anything like a load-balancer, proxy, or similar? I just want to remove other possible causes before diving into Tomcat (but from your description, To

Tomcat 11 catalina.policy file removed

2025-04-16 Thread S Abirami
Hi All, After upgrading to Tomcat 11, I noticed Catalina.policy file removed from the tomcat. I haven't see any specific documentation regarding it in tomcat release note, migration guide etc. But Gen AI provides the following input, please let me know the following input is right/wrong? The

Re: Tomcat 11 catalina.policy file removed

2025-04-16 Thread Rémy Maucherat
On Wed, Apr 16, 2025 at 9:14 AM S Abirami wrote: > > Hi All, > > After upgrading to Tomcat 11, I noticed Catalina.policy file removed from the > tomcat. > I haven't see any specific documentation regarding it in tomcat release note, > migration guide etc. The security manager support has been r

Re: About whether the described env is safe from CVE 2024-50379 and 56337

2025-04-16 Thread Mark Thomas
On 16/04/2025 18:20, Nguyen Duong wrote: Hi Tomcat team I am really sorry to bother you regarding this fix for Tomcat 9.0.98 revolving around the following CVEs, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50379 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56337 (★) My que