You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by "Erwan de FERRIERES (JIRA)" <ji...@apache.org> on 2010/01/25 16:03:34 UTC
[jira] Created: (OFBIZ-3424) Upgrade Tomcat version to 6.0.24
Upgrade Tomcat version to 6.0.24
--------------------------------
Key: OFBIZ-3424
URL: https://issues.apache.org/jira/browse/OFBIZ-3424
Project: OFBiz
Issue Type: Improvement
Components: ALL APPLICATIONS
Affects Versions: SVN trunk
Reporter: Erwan de FERRIERES
Priority: Blocker
Fix For: SVN trunk
3 security issues have been released today for Tomcat, asking to migrate to the latest version :
CVE-2009-2902: Apache Tomcat unexpected file deletion in work directory
CVE-2009-2901: Apache Tomcat insecure partial deploy after failed undeploy
CVE-2009-3548: Apache Tomcat unexpected file deletion and/or alteration
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (OFBIZ-3424) Upgrade Tomcat version to 6.0.24
Posted by "Erwan de FERRIERES (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-3424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Erwan de FERRIERES updated OFBIZ-3424:
--------------------------------------
Attachment: tomcat-6.0.24-jasper.jar
tomcat-6.0.24-jasper-el.jar
tomcat-6.0.24-jasper-jdt.jar
> Upgrade Tomcat version to 6.0.24
> --------------------------------
>
> Key: OFBIZ-3424
> URL: https://issues.apache.org/jira/browse/OFBIZ-3424
> Project: OFBiz
> Issue Type: Improvement
> Components: ALL APPLICATIONS
> Affects Versions: SVN trunk
> Reporter: Erwan de FERRIERES
> Priority: Blocker
> Fix For: SVN trunk
>
> Attachments: OFBIZ-3424.diff, tomcat-6.0.24-annotations-api.jar, tomcat-6.0.24-catalina-ha.jar, tomcat-6.0.24-catalina-tribes.jar, tomcat-6.0.24-catalina.jar, tomcat-6.0.24-el-api.jar, tomcat-6.0.24-jasper-el.jar, tomcat-6.0.24-jasper-jdt.jar, tomcat-6.0.24-jasper.jar, tomcat-6.0.24-jasper.jar, tomcat-6.0.24-jasper.jar, tomcat-6.0.24-jsp-api.jar, tomcat-6.0.24-servlet-api.jar, tomcat-6.0.24-tomcat-coyote.jar, tomcat-6.0.24-tomcat-dbcp.jar, tomcat-6.0.24-tomcat-juli.jar
>
>
> 3 security issues have been released today for Tomcat, asking to migrate to the latest version :
> CVE-2009-2902: Apache Tomcat unexpected file deletion in work directory
> CVE-2009-2901: Apache Tomcat insecure partial deploy after failed undeploy
> CVE-2009-3548: Apache Tomcat unexpected file deletion and/or alteration
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (OFBIZ-3424) Upgrade Tomcat version to 6.0.24
Posted by "Erwan de FERRIERES (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-3424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Erwan de FERRIERES updated OFBIZ-3424:
--------------------------------------
Attachment: (was: tomcat-6.0.24-jasper.jar)
> Upgrade Tomcat version to 6.0.24
> --------------------------------
>
> Key: OFBIZ-3424
> URL: https://issues.apache.org/jira/browse/OFBIZ-3424
> Project: OFBiz
> Issue Type: Improvement
> Components: ALL APPLICATIONS
> Affects Versions: SVN trunk
> Reporter: Erwan de FERRIERES
> Priority: Blocker
> Fix For: SVN trunk
>
> Attachments: OFBIZ-3424.diff, tomcat-6.0.24-annotations-api.jar, tomcat-6.0.24-catalina-ha.jar, tomcat-6.0.24-catalina-tribes.jar, tomcat-6.0.24-catalina.jar, tomcat-6.0.24-el-api.jar, tomcat-6.0.24-jasper-el.jar, tomcat-6.0.24-jasper-jdt.jar, tomcat-6.0.24-jasper.jar, tomcat-6.0.24-jsp-api.jar, tomcat-6.0.24-servlet-api.jar, tomcat-6.0.24-tomcat-coyote.jar, tomcat-6.0.24-tomcat-dbcp.jar, tomcat-6.0.24-tomcat-juli.jar
>
>
> 3 security issues have been released today for Tomcat, asking to migrate to the latest version :
> CVE-2009-2902: Apache Tomcat unexpected file deletion in work directory
> CVE-2009-2901: Apache Tomcat insecure partial deploy after failed undeploy
> CVE-2009-3548: Apache Tomcat unexpected file deletion and/or alteration
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (OFBIZ-3424) Upgrade Tomcat version to 6.0.24
Posted by "Scott Gray (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-3424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Scott Gray updated OFBIZ-3424:
------------------------------
Component/s: (was: ALL APPLICATIONS)
framework
> Upgrade Tomcat version to 6.0.24
> --------------------------------
>
> Key: OFBIZ-3424
> URL: https://issues.apache.org/jira/browse/OFBIZ-3424
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Erwan de FERRIERES
> Priority: Blocker
> Fix For: SVN trunk
>
> Attachments: OFBIZ-3424.diff, tomcat-6.0.24-annotations-api.jar, tomcat-6.0.24-catalina-ha.jar, tomcat-6.0.24-catalina-tribes.jar, tomcat-6.0.24-catalina.jar, tomcat-6.0.24-el-api.jar, tomcat-6.0.24-jasper-el.jar, tomcat-6.0.24-jasper-jdt.jar, tomcat-6.0.24-jasper.jar, tomcat-6.0.24-jsp-api.jar, tomcat-6.0.24-servlet-api.jar, tomcat-6.0.24-tomcat-coyote.jar, tomcat-6.0.24-tomcat-dbcp.jar, tomcat-6.0.24-tomcat-juli.jar
>
>
> 3 security issues have been released today for Tomcat, asking to migrate to the latest version :
> CVE-2009-2902: Apache Tomcat unexpected file deletion in work directory
> CVE-2009-2901: Apache Tomcat insecure partial deploy after failed undeploy
> CVE-2009-3548: Apache Tomcat unexpected file deletion and/or alteration
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (OFBIZ-3424) Upgrade Tomcat version to 6.0.24
Posted by "Erwan de FERRIERES (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-3424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Erwan de FERRIERES updated OFBIZ-3424:
--------------------------------------
Attachment: tomcat-6.0.24-tomcat-coyote.jar
tomcat-6.0.24-tomcat-dbcp.jar
tomcat-6.0.24-tomcat-juli.jar
> Upgrade Tomcat version to 6.0.24
> --------------------------------
>
> Key: OFBIZ-3424
> URL: https://issues.apache.org/jira/browse/OFBIZ-3424
> Project: OFBiz
> Issue Type: Improvement
> Components: ALL APPLICATIONS
> Affects Versions: SVN trunk
> Reporter: Erwan de FERRIERES
> Priority: Blocker
> Fix For: SVN trunk
>
> Attachments: OFBIZ-3424.diff, tomcat-6.0.24-annotations-api.jar, tomcat-6.0.24-catalina-ha.jar, tomcat-6.0.24-catalina-tribes.jar, tomcat-6.0.24-catalina.jar, tomcat-6.0.24-el-api.jar, tomcat-6.0.24-jasper-el.jar, tomcat-6.0.24-jasper-jdt.jar, tomcat-6.0.24-jasper.jar, tomcat-6.0.24-jasper.jar, tomcat-6.0.24-jasper.jar, tomcat-6.0.24-jsp-api.jar, tomcat-6.0.24-servlet-api.jar, tomcat-6.0.24-tomcat-coyote.jar, tomcat-6.0.24-tomcat-dbcp.jar, tomcat-6.0.24-tomcat-juli.jar
>
>
> 3 security issues have been released today for Tomcat, asking to migrate to the latest version :
> CVE-2009-2902: Apache Tomcat unexpected file deletion in work directory
> CVE-2009-2901: Apache Tomcat insecure partial deploy after failed undeploy
> CVE-2009-3548: Apache Tomcat unexpected file deletion and/or alteration
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (OFBIZ-3424) Upgrade Tomcat version to 6.0.24
Posted by "Erwan de FERRIERES (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-3424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Erwan de FERRIERES updated OFBIZ-3424:
--------------------------------------
Attachment: OFBIZ-3424.diff
should be good with this one.
> Upgrade Tomcat version to 6.0.24
> --------------------------------
>
> Key: OFBIZ-3424
> URL: https://issues.apache.org/jira/browse/OFBIZ-3424
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Erwan de FERRIERES
> Fix For: SVN trunk
>
> Attachments: OFBIZ-3424.diff, OFBIZ-3424.diff, tomcat-6.0.24-annotations-api.jar, tomcat-6.0.24-catalina-ha.jar, tomcat-6.0.24-catalina-tribes.jar, tomcat-6.0.24-catalina.jar, tomcat-6.0.24-el-api.jar, tomcat-6.0.24-jasper-el.jar, tomcat-6.0.24-jasper-jdt.jar, tomcat-6.0.24-jasper.jar, tomcat-6.0.24-jsp-api.jar, tomcat-6.0.24-servlet-api.jar, tomcat-6.0.24-tomcat-coyote.jar, tomcat-6.0.24-tomcat-dbcp.jar, tomcat-6.0.24-tomcat-juli.jar
>
>
> 3 security issues have been released today for Tomcat, asking to migrate to the latest version :
> CVE-2009-2902: Apache Tomcat unexpected file deletion in work directory
> CVE-2009-2901: Apache Tomcat insecure partial deploy after failed undeploy
> CVE-2009-3548: Apache Tomcat unexpected file deletion and/or alteration
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (OFBIZ-3424) Upgrade Tomcat version to 6.0.24
Posted by "Ashish Vijaywargiya (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-3424?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12805487#action_12805487 ]
Ashish Vijaywargiya commented on OFBIZ-3424:
--------------------------------------------
Hello Erwan,
FYI Previous upgrade from Tomcat 5 to Tomcat 6 is being done by Jacopo (Thanks!).
So the jira issue OFBIZ-1800 & OFBIZ-1863 can help you in some sort IMO.
--
Ashish Vijaywargiya
> Upgrade Tomcat version to 6.0.24
> --------------------------------
>
> Key: OFBIZ-3424
> URL: https://issues.apache.org/jira/browse/OFBIZ-3424
> Project: OFBiz
> Issue Type: Improvement
> Components: ALL APPLICATIONS
> Affects Versions: SVN trunk
> Reporter: Erwan de FERRIERES
> Priority: Blocker
> Fix For: SVN trunk
>
>
> 3 security issues have been released today for Tomcat, asking to migrate to the latest version :
> CVE-2009-2902: Apache Tomcat unexpected file deletion in work directory
> CVE-2009-2901: Apache Tomcat insecure partial deploy after failed undeploy
> CVE-2009-3548: Apache Tomcat unexpected file deletion and/or alteration
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (OFBIZ-3424) Upgrade Tomcat version to 6.0.24
Posted by "BJ Freeman (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-3424?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12857505#action_12857505 ]
BJ Freeman commented on OFBIZ-3424:
-----------------------------------
it has some unprintable characters in it.
> Upgrade Tomcat version to 6.0.24
> --------------------------------
>
> Key: OFBIZ-3424
> URL: https://issues.apache.org/jira/browse/OFBIZ-3424
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Erwan de FERRIERES
> Fix For: SVN trunk
>
> Attachments: OFBIZ-3424.diff, tomcat-6.0.24-annotations-api.jar, tomcat-6.0.24-catalina-ha.jar, tomcat-6.0.24-catalina-tribes.jar, tomcat-6.0.24-catalina.jar, tomcat-6.0.24-el-api.jar, tomcat-6.0.24-jasper-el.jar, tomcat-6.0.24-jasper-jdt.jar, tomcat-6.0.24-jasper.jar, tomcat-6.0.24-jsp-api.jar, tomcat-6.0.24-servlet-api.jar, tomcat-6.0.24-tomcat-coyote.jar, tomcat-6.0.24-tomcat-dbcp.jar, tomcat-6.0.24-tomcat-juli.jar
>
>
> 3 security issues have been released today for Tomcat, asking to migrate to the latest version :
> CVE-2009-2902: Apache Tomcat unexpected file deletion in work directory
> CVE-2009-2901: Apache Tomcat insecure partial deploy after failed undeploy
> CVE-2009-3548: Apache Tomcat unexpected file deletion and/or alteration
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (OFBIZ-3424) Upgrade Tomcat version to 6.0.24
Posted by "Jacques Le Roux (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-3424?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12856777#action_12856777 ]
Jacques Le Roux commented on OFBIZ-3424:
----------------------------------------
I'd try with the minimum and add if required
THanks
> Upgrade Tomcat version to 6.0.24
> --------------------------------
>
> Key: OFBIZ-3424
> URL: https://issues.apache.org/jira/browse/OFBIZ-3424
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Erwan de FERRIERES
> Priority: Blocker
> Fix For: SVN trunk
>
> Attachments: OFBIZ-3424.diff, tomcat-6.0.24-annotations-api.jar, tomcat-6.0.24-catalina-ha.jar, tomcat-6.0.24-catalina-tribes.jar, tomcat-6.0.24-catalina.jar, tomcat-6.0.24-el-api.jar, tomcat-6.0.24-jasper-el.jar, tomcat-6.0.24-jasper-jdt.jar, tomcat-6.0.24-jasper.jar, tomcat-6.0.24-jsp-api.jar, tomcat-6.0.24-servlet-api.jar, tomcat-6.0.24-tomcat-coyote.jar, tomcat-6.0.24-tomcat-dbcp.jar, tomcat-6.0.24-tomcat-juli.jar
>
>
> 3 security issues have been released today for Tomcat, asking to migrate to the latest version :
> CVE-2009-2902: Apache Tomcat unexpected file deletion in work directory
> CVE-2009-2901: Apache Tomcat insecure partial deploy after failed undeploy
> CVE-2009-3548: Apache Tomcat unexpected file deletion and/or alteration
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (OFBIZ-3424) Upgrade Tomcat version to 6.0.24
Posted by "BJ Freeman (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-3424?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12856643#action_12856643 ]
BJ Freeman commented on OFBIZ-3424:
-----------------------------------
I was going to test this on centos 5.4
I notice that there are additional files
do we use all of these or should I just replace the ones in the catalina\lib
> Upgrade Tomcat version to 6.0.24
> --------------------------------
>
> Key: OFBIZ-3424
> URL: https://issues.apache.org/jira/browse/OFBIZ-3424
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Erwan de FERRIERES
> Priority: Blocker
> Fix For: SVN trunk
>
> Attachments: OFBIZ-3424.diff, tomcat-6.0.24-annotations-api.jar, tomcat-6.0.24-catalina-ha.jar, tomcat-6.0.24-catalina-tribes.jar, tomcat-6.0.24-catalina.jar, tomcat-6.0.24-el-api.jar, tomcat-6.0.24-jasper-el.jar, tomcat-6.0.24-jasper-jdt.jar, tomcat-6.0.24-jasper.jar, tomcat-6.0.24-jsp-api.jar, tomcat-6.0.24-servlet-api.jar, tomcat-6.0.24-tomcat-coyote.jar, tomcat-6.0.24-tomcat-dbcp.jar, tomcat-6.0.24-tomcat-juli.jar
>
>
> 3 security issues have been released today for Tomcat, asking to migrate to the latest version :
> CVE-2009-2902: Apache Tomcat unexpected file deletion in work directory
> CVE-2009-2901: Apache Tomcat insecure partial deploy after failed undeploy
> CVE-2009-3548: Apache Tomcat unexpected file deletion and/or alteration
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Closed: (OFBIZ-3424) Upgrade Tomcat version to 6.0.24
Posted by "Erwan de FERRIERES (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-3424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Erwan de FERRIERES closed OFBIZ-3424.
-------------------------------------
Assignee: Erwan de FERRIERES
Resolution: Fixed
Done at r938061, updated to tomcat 6.0.26
> Upgrade Tomcat version to 6.0.24
> --------------------------------
>
> Key: OFBIZ-3424
> URL: https://issues.apache.org/jira/browse/OFBIZ-3424
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Erwan de FERRIERES
> Assignee: Erwan de FERRIERES
> Fix For: SVN trunk
>
> Attachments: OFBIZ-3424.diff, OFBIZ-3424.diff, tomcat-6.0.24-annotations-api.jar, tomcat-6.0.24-catalina-ha.jar, tomcat-6.0.24-catalina-tribes.jar, tomcat-6.0.24-catalina.jar, tomcat-6.0.24-el-api.jar, tomcat-6.0.24-jasper-el.jar, tomcat-6.0.24-jasper-jdt.jar, tomcat-6.0.24-jasper.jar, tomcat-6.0.24-jsp-api.jar, tomcat-6.0.24-servlet-api.jar, tomcat-6.0.24-tomcat-coyote.jar, tomcat-6.0.24-tomcat-dbcp.jar, tomcat-6.0.24-tomcat-juli.jar
>
>
> 3 security issues have been released today for Tomcat, asking to migrate to the latest version :
> CVE-2009-2902: Apache Tomcat unexpected file deletion in work directory
> CVE-2009-2901: Apache Tomcat insecure partial deploy after failed undeploy
> CVE-2009-3548: Apache Tomcat unexpected file deletion and/or alteration
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (OFBIZ-3424) Upgrade Tomcat version to 6.0.24
Posted by "Erwan de FERRIERES (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-3424?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12857481#action_12857481 ]
Erwan de FERRIERES commented on OFBIZ-3424:
-------------------------------------------
You may need to remove the part where the props are changed.
I think that only the classpath and the CrossSubdomainSessionValve.java are necessary
> Upgrade Tomcat version to 6.0.24
> --------------------------------
>
> Key: OFBIZ-3424
> URL: https://issues.apache.org/jira/browse/OFBIZ-3424
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Erwan de FERRIERES
> Fix For: SVN trunk
>
> Attachments: OFBIZ-3424.diff, tomcat-6.0.24-annotations-api.jar, tomcat-6.0.24-catalina-ha.jar, tomcat-6.0.24-catalina-tribes.jar, tomcat-6.0.24-catalina.jar, tomcat-6.0.24-el-api.jar, tomcat-6.0.24-jasper-el.jar, tomcat-6.0.24-jasper-jdt.jar, tomcat-6.0.24-jasper.jar, tomcat-6.0.24-jsp-api.jar, tomcat-6.0.24-servlet-api.jar, tomcat-6.0.24-tomcat-coyote.jar, tomcat-6.0.24-tomcat-dbcp.jar, tomcat-6.0.24-tomcat-juli.jar
>
>
> 3 security issues have been released today for Tomcat, asking to migrate to the latest version :
> CVE-2009-2902: Apache Tomcat unexpected file deletion in work directory
> CVE-2009-2901: Apache Tomcat insecure partial deploy after failed undeploy
> CVE-2009-3548: Apache Tomcat unexpected file deletion and/or alteration
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (OFBIZ-3424) Upgrade Tomcat version to 6.0.24
Posted by "Erwan de FERRIERES (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-3424?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12856786#action_12856786 ]
Erwan de FERRIERES commented on OFBIZ-3424:
-------------------------------------------
I've just extracted files in the tomcat archive and renamed them. There maybe too much of them.
BTW, a new version has been released, maybe we should try to integrate this one.
Cheers
> Upgrade Tomcat version to 6.0.24
> --------------------------------
>
> Key: OFBIZ-3424
> URL: https://issues.apache.org/jira/browse/OFBIZ-3424
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Erwan de FERRIERES
> Priority: Blocker
> Fix For: SVN trunk
>
> Attachments: OFBIZ-3424.diff, tomcat-6.0.24-annotations-api.jar, tomcat-6.0.24-catalina-ha.jar, tomcat-6.0.24-catalina-tribes.jar, tomcat-6.0.24-catalina.jar, tomcat-6.0.24-el-api.jar, tomcat-6.0.24-jasper-el.jar, tomcat-6.0.24-jasper-jdt.jar, tomcat-6.0.24-jasper.jar, tomcat-6.0.24-jsp-api.jar, tomcat-6.0.24-servlet-api.jar, tomcat-6.0.24-tomcat-coyote.jar, tomcat-6.0.24-tomcat-dbcp.jar, tomcat-6.0.24-tomcat-juli.jar
>
>
> 3 security issues have been released today for Tomcat, asking to migrate to the latest version :
> CVE-2009-2902: Apache Tomcat unexpected file deletion in work directory
> CVE-2009-2901: Apache Tomcat insecure partial deploy after failed undeploy
> CVE-2009-3548: Apache Tomcat unexpected file deletion and/or alteration
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (OFBIZ-3424) Upgrade Tomcat version to 6.0.24
Posted by "Erwan de FERRIERES (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-3424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Erwan de FERRIERES updated OFBIZ-3424:
--------------------------------------
Attachment: tomcat-6.0.24-jsp-api.jar
tomcat-6.0.24-el-api.jar
tomcat-6.0.24-annotations-api.jar
> Upgrade Tomcat version to 6.0.24
> --------------------------------
>
> Key: OFBIZ-3424
> URL: https://issues.apache.org/jira/browse/OFBIZ-3424
> Project: OFBiz
> Issue Type: Improvement
> Components: ALL APPLICATIONS
> Affects Versions: SVN trunk
> Reporter: Erwan de FERRIERES
> Priority: Blocker
> Fix For: SVN trunk
>
> Attachments: OFBIZ-3424.diff, tomcat-6.0.24-annotations-api.jar, tomcat-6.0.24-catalina-ha.jar, tomcat-6.0.24-catalina.jar, tomcat-6.0.24-el-api.jar, tomcat-6.0.24-jsp-api.jar, tomcat-6.0.24-servlet-api.jar
>
>
> 3 security issues have been released today for Tomcat, asking to migrate to the latest version :
> CVE-2009-2902: Apache Tomcat unexpected file deletion in work directory
> CVE-2009-2901: Apache Tomcat insecure partial deploy after failed undeploy
> CVE-2009-3548: Apache Tomcat unexpected file deletion and/or alteration
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (OFBIZ-3424) Upgrade Tomcat version to 6.0.24
Posted by "Jacques Le Roux (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-3424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacques Le Roux updated OFBIZ-3424:
-----------------------------------
Priority: Major (was: Blocker)
I don't think we can say this issue is a blocker. For the newer version, yes why not using the last one indeed?
> Upgrade Tomcat version to 6.0.24
> --------------------------------
>
> Key: OFBIZ-3424
> URL: https://issues.apache.org/jira/browse/OFBIZ-3424
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Erwan de FERRIERES
> Fix For: SVN trunk
>
> Attachments: OFBIZ-3424.diff, tomcat-6.0.24-annotations-api.jar, tomcat-6.0.24-catalina-ha.jar, tomcat-6.0.24-catalina-tribes.jar, tomcat-6.0.24-catalina.jar, tomcat-6.0.24-el-api.jar, tomcat-6.0.24-jasper-el.jar, tomcat-6.0.24-jasper-jdt.jar, tomcat-6.0.24-jasper.jar, tomcat-6.0.24-jsp-api.jar, tomcat-6.0.24-servlet-api.jar, tomcat-6.0.24-tomcat-coyote.jar, tomcat-6.0.24-tomcat-dbcp.jar, tomcat-6.0.24-tomcat-juli.jar
>
>
> 3 security issues have been released today for Tomcat, asking to migrate to the latest version :
> CVE-2009-2902: Apache Tomcat unexpected file deletion in work directory
> CVE-2009-2901: Apache Tomcat insecure partial deploy after failed undeploy
> CVE-2009-3548: Apache Tomcat unexpected file deletion and/or alteration
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (OFBIZ-3424) Upgrade Tomcat version to 6.0.24
Posted by "Erwan de FERRIERES (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-3424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Erwan de FERRIERES updated OFBIZ-3424:
--------------------------------------
Attachment: tomcat-6.0.24-catalina-ha.jar
tomcat-6.0.24-catalina.jar
tomcat-6.0.24-servlet-api.jar
> Upgrade Tomcat version to 6.0.24
> --------------------------------
>
> Key: OFBIZ-3424
> URL: https://issues.apache.org/jira/browse/OFBIZ-3424
> Project: OFBiz
> Issue Type: Improvement
> Components: ALL APPLICATIONS
> Affects Versions: SVN trunk
> Reporter: Erwan de FERRIERES
> Priority: Blocker
> Fix For: SVN trunk
>
> Attachments: OFBIZ-3424.diff, tomcat-6.0.24-annotations-api.jar, tomcat-6.0.24-catalina-ha.jar, tomcat-6.0.24-catalina.jar, tomcat-6.0.24-el-api.jar, tomcat-6.0.24-jsp-api.jar, tomcat-6.0.24-servlet-api.jar
>
>
> 3 security issues have been released today for Tomcat, asking to migrate to the latest version :
> CVE-2009-2902: Apache Tomcat unexpected file deletion in work directory
> CVE-2009-2901: Apache Tomcat insecure partial deploy after failed undeploy
> CVE-2009-3548: Apache Tomcat unexpected file deletion and/or alteration
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (OFBIZ-3424) Upgrade Tomcat version to 6.0.24
Posted by "BJ Freeman (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-3424?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12860998#action_12860998 ]
BJ Freeman commented on OFBIZ-3424:
-----------------------------------
I got this fatal error.
just updated trunk and ran local copy with startofbiz
got this in the console which is not normal
Apr 26, 2010 9:34:55 AM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-0.0.0.0-8080
Apr 26, 2010 9:34:58 AM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-0.0.0.0-8443
Apr 26, 2010 9:35:21 AM org.apache.catalina.startup.Embedded start
INFO: Starting tomcat server
Apr 26, 2010 9:35:21 AM org.apache.catalina.startup.Embedded initNaming
INFO: Catalina naming disabled
Apr 26, 2010 9:35:21 AM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.26
Apr 26, 2010 9:35:22 AM org.apache.catalina.realm.RealmBase start
INFO: This Realm has already been started
Apr 26, 2010 9:35:23 AM org.apache.catalina.realm.RealmBase start
INFO: This Realm has already been started
Apr 26, 2010 9:35:24 AM org.apache.catalina.startup.ContextConfig
defaultWebConf
ig
INFO: No default web.xml
Apr 26, 2010 9:35:32 AM org.apache.catalina.realm.RealmBase start
INFO: This Realm has already been started
Apr 26, 2010 9:35:32 AM org.apache.catalina.startup.ContextConfig
defaultWebConf
ig
INFO: No default web.xml
Apr 26, 2010 9:35:34 AM org.apache.catalina.connector.Connector stop
SEVERE: Coyote connector has not been started
> Upgrade Tomcat version to 6.0.24
> --------------------------------
>
> Key: OFBIZ-3424
> URL: https://issues.apache.org/jira/browse/OFBIZ-3424
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Erwan de FERRIERES
> Assignee: Erwan de FERRIERES
> Fix For: SVN trunk
>
> Attachments: OFBIZ-3424.diff, OFBIZ-3424.diff, tomcat-6.0.24-annotations-api.jar, tomcat-6.0.24-catalina-ha.jar, tomcat-6.0.24-catalina-tribes.jar, tomcat-6.0.24-catalina.jar, tomcat-6.0.24-el-api.jar, tomcat-6.0.24-jasper-el.jar, tomcat-6.0.24-jasper-jdt.jar, tomcat-6.0.24-jasper.jar, tomcat-6.0.24-jsp-api.jar, tomcat-6.0.24-servlet-api.jar, tomcat-6.0.24-tomcat-coyote.jar, tomcat-6.0.24-tomcat-dbcp.jar, tomcat-6.0.24-tomcat-juli.jar
>
>
> 3 security issues have been released today for Tomcat, asking to migrate to the latest version :
> CVE-2009-2902: Apache Tomcat unexpected file deletion in work directory
> CVE-2009-2901: Apache Tomcat insecure partial deploy after failed undeploy
> CVE-2009-3548: Apache Tomcat unexpected file deletion and/or alteration
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (OFBIZ-3424) Upgrade Tomcat version to 6.0.24
Posted by "Erwan de FERRIERES (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-3424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Erwan de FERRIERES updated OFBIZ-3424:
--------------------------------------
Attachment: tomcat-6.0.24-jasper.jar
tomcat-6.0.24-jasper.jar
tomcat-6.0.24-catalina-tribes.jar
> Upgrade Tomcat version to 6.0.24
> --------------------------------
>
> Key: OFBIZ-3424
> URL: https://issues.apache.org/jira/browse/OFBIZ-3424
> Project: OFBiz
> Issue Type: Improvement
> Components: ALL APPLICATIONS
> Affects Versions: SVN trunk
> Reporter: Erwan de FERRIERES
> Priority: Blocker
> Fix For: SVN trunk
>
> Attachments: OFBIZ-3424.diff, tomcat-6.0.24-annotations-api.jar, tomcat-6.0.24-catalina-ha.jar, tomcat-6.0.24-catalina-tribes.jar, tomcat-6.0.24-catalina.jar, tomcat-6.0.24-el-api.jar, tomcat-6.0.24-jasper-el.jar, tomcat-6.0.24-jasper-jdt.jar, tomcat-6.0.24-jasper.jar, tomcat-6.0.24-jasper.jar, tomcat-6.0.24-jasper.jar, tomcat-6.0.24-jsp-api.jar, tomcat-6.0.24-servlet-api.jar, tomcat-6.0.24-tomcat-coyote.jar, tomcat-6.0.24-tomcat-dbcp.jar, tomcat-6.0.24-tomcat-juli.jar
>
>
> 3 security issues have been released today for Tomcat, asking to migrate to the latest version :
> CVE-2009-2902: Apache Tomcat unexpected file deletion in work directory
> CVE-2009-2901: Apache Tomcat insecure partial deploy after failed undeploy
> CVE-2009-3548: Apache Tomcat unexpected file deletion and/or alteration
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (OFBIZ-3424) Upgrade Tomcat version to 6.0.24
Posted by "Anil K Patel (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-3424?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12837427#action_12837427 ]
Anil K Patel commented on OFBIZ-3424:
-------------------------------------
I have not tested the patch, but looks like it should be simple. I think we should go for it.
> Upgrade Tomcat version to 6.0.24
> --------------------------------
>
> Key: OFBIZ-3424
> URL: https://issues.apache.org/jira/browse/OFBIZ-3424
> Project: OFBiz
> Issue Type: Improvement
> Components: ALL APPLICATIONS
> Affects Versions: SVN trunk
> Reporter: Erwan de FERRIERES
> Priority: Blocker
> Fix For: SVN trunk
>
> Attachments: OFBIZ-3424.diff, tomcat-6.0.24-annotations-api.jar, tomcat-6.0.24-catalina-ha.jar, tomcat-6.0.24-catalina-tribes.jar, tomcat-6.0.24-catalina.jar, tomcat-6.0.24-el-api.jar, tomcat-6.0.24-jasper-el.jar, tomcat-6.0.24-jasper-jdt.jar, tomcat-6.0.24-jasper.jar, tomcat-6.0.24-jsp-api.jar, tomcat-6.0.24-servlet-api.jar, tomcat-6.0.24-tomcat-coyote.jar, tomcat-6.0.24-tomcat-dbcp.jar, tomcat-6.0.24-tomcat-juli.jar
>
>
> 3 security issues have been released today for Tomcat, asking to migrate to the latest version :
> CVE-2009-2902: Apache Tomcat unexpected file deletion in work directory
> CVE-2009-2901: Apache Tomcat insecure partial deploy after failed undeploy
> CVE-2009-3548: Apache Tomcat unexpected file deletion and/or alteration
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (OFBIZ-3424) Upgrade Tomcat version to 6.0.24
Posted by "BJ Freeman (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-3424?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12857479#action_12857479 ]
BJ Freeman commented on OFBIZ-3424:
-----------------------------------
having trouble with the diff file.
what do I need to do to be able to use it?
> Upgrade Tomcat version to 6.0.24
> --------------------------------
>
> Key: OFBIZ-3424
> URL: https://issues.apache.org/jira/browse/OFBIZ-3424
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Erwan de FERRIERES
> Fix For: SVN trunk
>
> Attachments: OFBIZ-3424.diff, tomcat-6.0.24-annotations-api.jar, tomcat-6.0.24-catalina-ha.jar, tomcat-6.0.24-catalina-tribes.jar, tomcat-6.0.24-catalina.jar, tomcat-6.0.24-el-api.jar, tomcat-6.0.24-jasper-el.jar, tomcat-6.0.24-jasper-jdt.jar, tomcat-6.0.24-jasper.jar, tomcat-6.0.24-jsp-api.jar, tomcat-6.0.24-servlet-api.jar, tomcat-6.0.24-tomcat-coyote.jar, tomcat-6.0.24-tomcat-dbcp.jar, tomcat-6.0.24-tomcat-juli.jar
>
>
> 3 security issues have been released today for Tomcat, asking to migrate to the latest version :
> CVE-2009-2902: Apache Tomcat unexpected file deletion in work directory
> CVE-2009-2901: Apache Tomcat insecure partial deploy after failed undeploy
> CVE-2009-3548: Apache Tomcat unexpected file deletion and/or alteration
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (OFBIZ-3424) Upgrade Tomcat version to 6.0.24
Posted by "Erwan de FERRIERES (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-3424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Erwan de FERRIERES updated OFBIZ-3424:
--------------------------------------
Attachment: OFBIZ-3424.diff
A first patch, but some INFO messages are now in the console when lauching OFBiz such as
{code}
INFO: This Realm has already been started
Feb 21, 2010 7:02:49 PM org.apache.catalina.startup.ContextConfig defaultWebConfig
INFO: No default web.xml
2010-02-21 19:02:49,339 (main) [ GenericDispatcher.java:62 :INFO ] Creating new dispatcher [myportal] (main)
2010-02-21 19:02:49,340 (main) [ ControlServlet.java:73 :INFO ] LOADING WEBAPP [myportal] Open For Business - My Page, located at /home/erwan/workspace/ofbiz/specialpurpose/myportal/webapp/myportal/
2010-02-21 19:02:49,345 (main) [ ConfigXMLReader.java:120:INFO ] controller loaded: 0.0s, 5 requests, 5 views in file:/home/erwan/workspace/ofbiz/specialpurpose/myportal/webapp/myportal/WEB-INF/controller.xml
Feb 21, 2010 7:02:49 PM org.apache.catalina.realm.RealmBase start
INFO: This Realm has already been started
Feb 21, 2010 7:02:49 PM org.apache.catalina.startup.ContextConfig defaultWebConfig
INFO: No default web.xml
2010-02-21 19:02:49,490 (main) [ GenericDispatcher.java:62 :INFO ] Creating new dispatcher [order] (main)
2010-02-21 19:02:49,504 (main) [ ControlServlet.java:73 :INFO ] LOADING WEBAPP [ordermgr] Open For Business - Order Manager, located at /home/erwan/workspace/ofbiz/applications/order/webapp/ordermgr/
Feb 21, 2010 7:02:49 PM org.apache.catalina.connector.Connector initialize
INFO: The connector has already been initialized
Feb 21, 2010 7:02:49 PM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
Feb 21, 2010 7:02:49 PM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=7/76 config=null
Feb 21, 2010 7:02:49 PM org.apache.catalina.connector.Connector initialize
INFO: The connector has already been initialized
Feb 21, 2010 7:02:49 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-0.0.0.0-8080
Feb 21, 2010 7:02:49 PM org.apache.catalina.connector.Connector initialize
INFO: The connector has already been initialized
Feb 21, 2010 7:02:49 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-0.0.0.0-8443
{code}
> Upgrade Tomcat version to 6.0.24
> --------------------------------
>
> Key: OFBIZ-3424
> URL: https://issues.apache.org/jira/browse/OFBIZ-3424
> Project: OFBiz
> Issue Type: Improvement
> Components: ALL APPLICATIONS
> Affects Versions: SVN trunk
> Reporter: Erwan de FERRIERES
> Priority: Blocker
> Fix For: SVN trunk
>
> Attachments: OFBIZ-3424.diff
>
>
> 3 security issues have been released today for Tomcat, asking to migrate to the latest version :
> CVE-2009-2902: Apache Tomcat unexpected file deletion in work directory
> CVE-2009-2901: Apache Tomcat insecure partial deploy after failed undeploy
> CVE-2009-3548: Apache Tomcat unexpected file deletion and/or alteration
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.