Ubuntu
tomcat8 package

Tomcat 8.0.32 has ClassLoader Issues

Bug #1644144 reported by Matthias Braun
48
This bug affects 8 people
Affects Status Importance Assigned to Milestone
tomcat8 (Ubuntu)
Fix Released
Undecided
Unassigned
Xenial
Fix Released
Medium
Nish Aravamudan
Yakkety
Fix Released
Undecided
Unassigned

Bug Description

[Impact]

 * There was a software bug in the 8.0.32 release of tomcat8, subsequently fixed in 8.0.33, with acessing past the end of a string.

[Test Case]

 * The apache bug provides a test case.

[Regression Potential]

* This is a strict backport from upstream of a bugfix. The regression potential is very low, as the current tomcat8 code is broken.

---

Tomcat 8.0.32, which is shipped with xenial, has serious ClassLoader issues (https://bz.apache.org/bugzilla/show_bug.cgi?id=58999)

Please provide a newer version through the packages.

See original description
Revision history for this message
Nish Aravamudan (nacc) wrote :

Bugfix is: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java?r1=1726672&r2=1730178&diff_format=h

Can be backported.

Changed in tomcat8 (Ubuntu):
status: New → Triaged
assignee: nobody → Nish Aravamudan (nacc)
tags: added: server-next
tags: added: bitesize
no longer affects: tomcat7
Changed in tomcat8 (Ubuntu):
status: Triaged → Fix Released
Changed in tomcat8 (Ubuntu Yakkety):
status: New → Fix Released
Changed in tomcat8 (Ubuntu Xenial):
status: New → Triaged
Changed in tomcat8 (Ubuntu):
assignee: Nish Aravamudan (nacc) → nobody
Changed in tomcat8 (Ubuntu Xenial):
assignee: nobody → Nish Aravamudan (nacc)
Revision history for this message
Nish Aravamudan (nacc) wrote :

Yakkety: 8.0.37-1
Zesty: 8.0.38-2 (with 8.5.9-1 in z-p)

We will take a look at backporting the suggested change to 8.0.32, as appropriate. Thank you for the report!

Changed in tomcat8 (Ubuntu Xenial):
importance: Undecided → Medium
Revision history for this message
Nish Aravamudan (nacc) wrote :

Please test tomcat8 https://launchpad.net/~nacc/+archive/ubuntu/tomcat8v2 8.0.32-1ubuntu1.3~ppa1.

Nish Aravamudan (nacc)
Changed in tomcat8 (Ubuntu Xenial):
status: Triaged → In Progress
Nish Aravamudan (nacc)
description: updated
description: updated
Revision history for this message
Thomas Mortagne (thomas-mortagne) wrote :

Any news on xenial upgrade ?

Revision history for this message
Thomas Mortagne (thomas-mortagne) wrote :

Note that this bug makes pretty much impossible to use Jython in a web app on Xenial.

Revision history for this message
Thomas Mortagne (thomas-mortagne) wrote :

Note: I have several people reported that it works well with https://launchpad.net/~nacc/+archive/ubuntu/tomcat8v2 so it would be great to apply it in the default repository :)

Revision history for this message
Jean-Sebastien Bevilacqua (realitix) wrote :

Hello Nish Aravamudan,

I encounter this problem on Xenial.
Can you patch it like you did for Yakkety ?

Thanks,
Jean-Sébastien

Revision history for this message
Jean-Sebastien Bevilacqua (realitix) wrote :

Hello Nish Aravamudan,

We tried your package on Xenial and it fixes our problem.
Can you release it ?

Thanks,
Jean-Sébastien BEVILACQUA

Revision history for this message
Jean-Sebastien Bevilacqua (realitix) wrote :

Hello,

A polite ping.

Thanks,
Jean-Sébastien BEVILACQUA

Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

This bug was already fixed in Xenial on version 8.0.32-1ubuntu1.9:

tomcat8 (8.0.32-1ubuntu1.9) xenial; urgency=medium

  * d/p/fix-class-resource-name-filtering.patch: Fix class and resource name
    filtering in WebappClassLoader (LP: #1606331).

 -- Karl Stenerud <email address hidden> Mon, 10 Dec 2018 15:08:07 +0100

And it also seems a dup of LP #1606331. I am updating the status of this bug to Fix Released in Xenial.

Changed in tomcat8 (Ubuntu Xenial):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.