Fridrich Strba
5d3c84a4fd
* Fixed CVEs:
+ CVE-2024-54677: DoS in examples web application (bsc#1233434)
+ CVE-2024-50379: RCE due to TOCTOU issue in JSP compilation (bsc#1234663)
* Catalina
+ Add: Add option to serve resources from subpath only with WebDAV Servlet
like with DefaultServlet. (michaelo)
+ Fix: Add special handling for the protocols attribute of SSLHostConfig in
storeconfig. (remm)
+ Fix: 69442: Fix case sensitive check on content-type when parsing request
parameters. (remm)
+ Code: Refactor duplicate code for extracting media type and subtype from
content-type into a single method. (markt)
+ Fix: Compatibility of generated embedded code with components where
constructors or property related methods throw a checked exception. (remm)
+ Fix: The previous fix for inconsistent resource metadata during concurrent
reads and writes was incomplete. (markt)
+ Fix: 69444: Ensure that the javax.servlet.error.message request attribute
is set when an application defined error page is called. (markt)
+ Fix: Avoid quotes for numeric values in the JSON generated by the status
servlet. (remm)
+ Add: Add strong ETag support for the WebDAV and default servlet, which can
be enabled by using the useStrongETags init parameter with a value set to
true. The ETag generated will be a SHA-1 checksum of the resource content.
(remm)
+ Fix: Use client locale for directory listings. (remm)
+ Fix: 69439: Improve the handling of multiple Cache-Control headers in the
ExpiresFilter. Based on pull request #777 by Chenjp. (markt)
+ Fix: 69447: Update the support for caching classes the web application
class loader cannot find to take account of classes loaded from external
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=325
53 lines
1.8 KiB
Plaintext
53 lines
1.8 KiB
Plaintext
# System-wide configuration file for tomcat services
|
|
# This will be loaded by systemd as an environment file,
|
|
# so please keep the syntax. For shell expansion support
|
|
# place your custom files as /etc/tomcat/conf.d/*.conf
|
|
#
|
|
# There are 2 "classes" of startup behavior in this package.
|
|
# The old one, the default service named tomcat.service.
|
|
# The new named instances are called tomcat@instance.service.
|
|
#
|
|
# Use this file to change default values for all services.
|
|
# Change the service specific ones to affect only one service.
|
|
# For tomcat.service it's /etc/sysconfig/tomcat, for
|
|
# tomcat@instance it's /etc/sysconfig/tomcat@instance.
|
|
|
|
# This variable is used to figure out if config is loaded or not.
|
|
TOMCAT_CFG_LOADED="1"
|
|
|
|
# In new-style instances, if CATALINA_BASE isn't specified, it will
|
|
# be constructed by joining TOMCATS_BASE and NAME.
|
|
TOMCATS_BASE="/var/lib/tomcats/"
|
|
|
|
# Where your java installation lives
|
|
#JAVA_HOME="/usr/libi64/jvm/jre"
|
|
|
|
# Where your tomcat installation lives
|
|
CATALINA_HOME="@@@TCHOME@@@"
|
|
|
|
# System-wide tmp
|
|
CATALINA_TMPDIR="/var/cache/tomcat/temp"
|
|
|
|
# You can pass some parameters to java here if you wish to
|
|
#JAVA_OPTS="-Xminf0.1 -Xmaxf0.3"
|
|
|
|
# Use JAVA_OPTS to set java.library.path for libtcnative.so
|
|
#JAVA_OPTS="-Djava.library.path=/usr/lib"
|
|
|
|
# Set default javax.sql.DataSource factory to apache commons one. See rhbz#1214381
|
|
JAVA_OPTS="-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory"
|
|
|
|
# You can change your tomcat locale here
|
|
#LANG="en_US"
|
|
|
|
# Run tomcat under the Java Security Manager
|
|
SECURITY_MANAGER="false"
|
|
|
|
# Time to wait in seconds, before killing process
|
|
# TODO(stingray): does nothing, fix.
|
|
# SHUTDOWN_WAIT="30"
|
|
|
|
# If you wish to further customize your tomcat environment,
|
|
# put your own definitions here
|
|
# (i.e. LD_LIBRARY_PATH for some jdbc drivers)
|