← Back to team overview

dhis2-users team mailing list archive

heads up on tomcat versions and dhis


Hi all,

the latest builds of tomcat (the servlet container mostly used with DHIS 2)
has tightened up validation of characters in URLs, so that only characters
defined as safe per RFC 1738 <https://www.ietf.org/rfc/rfc1738.txt> are
allowed. Our apps had some cases of un-escaped use of the pipe character
which was causing tomcat to occasionally return 400 bad request.

We have patched this now in 2.24, 2.25 and master.

Bottom line: If you plan to upgrade to very latest Tomcat 7, 8 or 8.5
builds on your server, make sure to upgrade to latest 2.24 or 2.25 of DHIS



Lars Helge Øverland
Lead developer, DHIS 2
University of Oslo
Skype: larshelgeoverland
http://www.dhis2.org <https://www.dhis2.org/>

Follow ups