dhis2-users team mailing list archive

Thread
Date

heads up on tomcat versions and dhis

To: DHIS 2 Developers list <dhis2-devs@xxxxxxxxxxxxxxxxxxx>, DHIS 2 Users list <dhis2-users@xxxxxxxxxxxxxxxxxxx>
From: Lars Helge Øverland <lars@xxxxxxxxx>
Date: Sat, 7 Jan 2017 13:56:20 +0100

Hi all,

the latest builds of tomcat (the servlet container mostly used with DHIS 2)
has tightened up validation of characters in URLs, so that only characters
defined as safe per RFC 1738 <https://www.ietf.org/rfc/rfc1738.txt> are
allowed. Our apps had some cases of un-escaped use of the pipe character
which was causing tomcat to occasionally return 400 bad request.

We have patched this now in 2.24, 2.25 and master.

Bottom line: If you plan to upgrade to very latest Tomcat 7, 8 or 8.5
builds on your server, make sure to upgrade to latest 2.24 or 2.25 of DHIS
2.


regards,

Lars






-- 
Lars Helge Øverland
Lead developer, DHIS 2
University of Oslo
Skype: larshelgeoverland
lars@xxxxxxxxx
http://www.dhis2.org <https://www.dhis2.org/>

Follow ups

Re: heads up on tomcat versions and dhis
From: Bob Jolliffe, 2017-02-01
Re: heads up on tomcat versions and dhis
From: Pamod Amarakoon, 2017-01-07