dhis2-devs team mailing list archive

Re: [Dhis2-users] heads up on tomcat versions and dhis

 

Lars had advised me this would not be easy, as this fix would need to be
made in several apps.

I did not have time to figure out exactly which Tomcat package would work,
but your approach sounds reasonable to me. We took a temporary route and
used one we knew would work until the upgrade to at least 2.24 is feasible.

On Wed, Feb 1, 2017, 18:38 Bob Jolliffe <bobjolliffe@xxxxxxxxx> wrote:

> Thanks Jason.  To make matters more complicated it looks like Ubuntu
> maintains its own patch release numbering of Tomcat.  So for example it
> looks like the problem first arose in Zim after
> upgrading 7.0.52-1ubuntu0.7 to 7.0.52-1ubuntu0.8.
>
> They can try to rewind that upgrade to see if good behaviour is restored.
>
> Then I believe you can hold back further upgrades to certain packages
> with apt-mark hold <package-name>.  We'll see.
>
> How painful is it to patch older dhis2 versions?  I was looking (without
> success) for the relevant GitHub commit.
>
>
>
> On 1 February 2017 at 11:54, Jason Pickering <jason.p.pickering@xxxxxxxxx>
> wrote:
>
> Hi Bob,
>
> https://archive.apache.org/dist/tomcat/tomcat-8/v8.0.35/
>
> is known to work in this situation for me. Lars suggested this version and
> it worked for us.
>
> We had the exact same thing happen on another instance, which basically
> "broke" dhis2-tools, so for the time being, we are using this specific
> version of Tomcat as a local install to work around the problem until that
> instance can be upgraded.
>
> Specifically, it was this commit (thanks to BAO for finding it)
>
>
> https://github.com/apache/tomcat70/commit/a3d7be9e35505f85fc01f5f36451c710f9c9bbcc
>
> which introduced this, which seems to be Tomcat 7.0.73, so something
> earlier than that should work as well. I am not sure which commit this was
> in Tomcat 8.
>
> Hope that helps.
>
> Regards,
> Jason
>
>
> On Wed, Feb 1, 2017 at 6:06 PM, Bob Jolliffe <bobjolliffe@xxxxxxxxx>
> wrote:
>
> Hi Lars and all
>
> I can see this is going to cause quite a bit of chaos with large country
> installations where they are not able to be too agile with upgrading.
>
> Do you have more precise info on the exact tomcat version numbers?  We
> just saw in Zim (DHIS 2.22) that the package manager automatically upgraded
> to 7.0.52 and they started seeing these problems.  So maybe it is that
> version?
>
> They will have to try and come up with a process of downgrading tomcat and
> holding that version via the package manager as a short term measure while
> they plan any dhis2 upgrade process.
>
> So getting the exact tomcat versions where the URL checking was introduced
> will be helpful if you have them.
>
> On 7 January 2017 at 12:56, Lars Helge Øverland <lars@xxxxxxxxx> wrote:
>
> Hi all,
>
> the latest builds of Tomcat (the servlet container mostly used with DHIS
> 2) have tightened up validation of characters in URLs, so that only
> characters defined as safe per RFC 1738
> <https://www.ietf.org/rfc/rfc1738.txt> are allowed. Our apps had some
> cases of un-escaped use of the pipe character which was causing Tomcat to
> occasionally return 400 bad request.
>
> We have patched this now in 2.24, 2.25 and master.
>
> Bottom line: If you plan to upgrade to the very latest Tomcat 7, 8 or 8.5
> builds on your server, make sure to upgrade to the latest 2.24 or 2.25 of DHIS
> 2.
>
>
> regards,
>
> Lars
>
>
>
>
>
>
> --
> Lars Helge Øverland
> Lead developer, DHIS 2
> University of Oslo
> Skype: larshelgeoverland
> lars@xxxxxxxxx
> http://www.dhis2.org <https://www.dhis2.org/>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-users
> Post to     : dhis2-users@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~dhis2-users
> More help   : https://help.launchpad.net/ListHelp
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-devs
> Post to     : dhis2-devs@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~dhis2-devs
> More help   : https://help.launchpad.net/ListHelp
>
>
>
>
> --
> Jason P. Pickering
> email: jason.p.pickering@xxxxxxxxx
> tel:+46764147049 <+46%2076%20414%2070%2049>
>
>
>
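
An added example, not part of the original thread and not DHIS 2 or Tomcat code: a triage script that scans access-log lines for 400 responses whose request target contains an un-escaped character such as the pipe, and shows the percent-encoded form an app would need to send. It assumes Common Log Format lines (for instance from a reverse proxy in front of Tomcat), approximates the allowed set from RFC 1738 section 2.2 rather than reproducing Tomcat's own check, and uses constructed sample lines with hypothetical paths.

```python
import re
from urllib.parse import quote

# Characters RFC 1738 section 2.2 lets appear unencoded in a URL:
# alphanumerics, the specials $-_.+!*'(), and the reserved ;/?:@=&
# plus "%" so that existing escapes are left alone. (Assumed approximation.)
RFC1738_OK = set(
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
    "$-_.+!*'(),;/?:@=&%"
)

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "(\S+) (.*) (HTTP/[\d.]+)" (\d{3}) ')

def unsafe_chars(target):
    """Return the sorted distinct characters in target outside the safe set."""
    return sorted({c for c in target if c not in RFC1738_OK})

def escape_target(target):
    """Percent-encode only the offending characters, leaving the rest as is."""
    return "".join(c if c in RFC1738_OK else quote(c, safe="") for c in target)

def rejected_requests(lines):
    """Return (target, unsafe chars, escaped target) for each 400 response
    whose request target contains a character outside the safe set."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m or m.group(4) != "400":
            continue
        target = m.group(2)
        bad = unsafe_chars(target)
        if bad:
            hits.append((target, bad, escape_target(target)))
    return hits

# Constructed sample lines (hypothetical paths, documentation addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Feb/2017:18:01:02 +0000] "GET /api/example?filter=a|b HTTP/1.1" 400 0',
    '192.0.2.10 - - [01/Feb/2017:18:01:03 +0000] "GET /api/example?filter=a%7Cb HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Feb/2017:18:01:09 +0000] "GET /api/missing HTTP/1.1" 404 0',
    '192.0.2.12 - - [01/Feb/2017:18:02:00 +0000] "GET /api/example?x={a}|{b} HTTP/1.1" 400 0',
]

if __name__ == "__main__":
    for target, bad, fixed in rejected_requests(SAMPLE_LOG):
        print(f"{target!r}: unsafe {bad} -> {fixed}")
```

Grouping the hits by path prefix shows which apps still send un-escaped characters and therefore need patching or an upgrade before Tomcat is moved forward.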
