dhis2-users team mailing list archive

[Jason Pickering <jason.p.pickering@xxxxxxxxx>]

Hi Bob,

https://archive.apache.org/dist/tomcat/tomcat-8/v8.0.35/

is known to work in this situation for me. Lars suggested this version and
it worked for us.

We had the exact same thing happen on another instance, which basically
"broke" dhis2-tools, so for the time being, we are using this specific
version of Tomcat as a local install to work around the problem until that
instance can be upgraded.

Specifically, it was this commit  (thanks to BAO for finding it)

https://github.com/apache/tomcat70/commit/a3d7be9e35505f85fc01f5f36451c710f9c9bbcc

which introduced this, which seems to be Tomcat 7.0.73, so something
earlier than that should work as well. I am not sure which commit this was
in Tomcat 8.

Hope that helps.

Regards,
Jason


On Wed, Feb 1, 2017 at 6:06 PM, Bob Jolliffe <bobjolliffe@xxxxxxxxx> wrote:

> Hi Lars and all
>
> I can see this is going to cause quite a bit of chaos with large country
> installations where they are not able to be too agile with upgrading.
>
> Do you have more precise info on the exact tomcat version numbers?  We
> just saw in Zim (DHIS 2.22) that the package manager automatically upgraded
> to 7.0.52 and they started seeing these problems.  So maybe it is that
> version?
>
> They will have to try and come up with a process of downgrading tomcat and
> holding that version via the package manager as a short term measure while
> they plan any dhis2 upgrade process.
>
> So getting the exact tomcat versions where the URL checking was introduced
> will be helpful if you have them.
>
> On 7 January 2017 at 12:56, Lars Helge Øverland <lars@xxxxxxxxx> wrote:
>
>> Hi all,
>>
>> the latest builds of tomcat (the servlet container mostly used with DHIS
>> 2) has tightened up validation of characters in URLs, so that only
>> characters defined as safe per RFC 1738
>> <https://www.ietf.org/rfc/rfc1738.txt> are allowed. Our apps had some
>> cases of un-escaped use of the pipe character which was causing tomcat to
>> occasionally return 400 bad request.
>>
>> We have patched this now in 2.24, 2.25 and master.
>>
>> Bottom line: If you plan to upgrade to very latest Tomcat 7, 8 or 8.5
>> builds on your server, make sure to upgrade to latest 2.24 or 2.25 of DHIS
>> 2.
>>
>>
>> regards,
>>
>> Lars
>>
>>
>>
>>
>>
>>
>> --
>> Lars Helge Øverland
>> Lead developer, DHIS 2
>> University of Oslo
>> Skype: larshelgeoverland
>> lars@xxxxxxxxx
>> http://www.dhis2.org <https://www.dhis2.org/>
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~dhis2-users
>> Post to     : dhis2-users@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~dhis2-users
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-devs
> Post to     : dhis2-devs@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~dhis2-devs
> More help   : https://help.launchpad.net/ListHelp
>
>


-- 
Jason P. Pickering
email: jason.p.pickering@xxxxxxxxx
tel:+46764147049