| 2016-12-14 01:06:39 |
Nish Aravamudan |
description |
Please fix the following line in catalina.properties in all tomcat source packages.
WRONG:
common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar,${catalina.home}/common/classes,${catalina.home}/common/*.jar
CORRECT:
common.loader=${catalina.base}/common/classes,${catalina.base}/common/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar
Following problems with the wrong statement:
1. Odering is wrong: catalina.base should overrule catalina.home here (see class loader howto below).
2. catalina.home is expanded normally to /usr/share/tomcat7, but there is no common directory - it is below
/var/lib/tomcat7 (as expanded by catalina.base).
3. ${catalina.base}/lib,${catalina.base}/lib/*.jar are pointing to non existing directories. I recommend to skip this part.
For reference see https://tomcat.apache.org/tomcat-7.0-doc/class-loader-howto.html
> The locations searched by this class loader are defined by the common.loader property in
> $CATALINA_BASE/conf/catalina.properties.
> The default setting will search the following locations in the order they are listed:
>
> unpacked classes and resources in $CATALINA_BASE/lib
> JAR files in $CATALINA_BASE/lib
> unpacked classes and resources in $CATALINA_HOME/lib
> JAR files in $CATALINA_HOME/lib |
[Impact]
* The order of paths in common.loader does not follow the upstream tomcat recommendations. This can lead to unexpected behavior.
[Test Case]
* The broken tomcat8 will have
common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar,${catalina.home}/common/classes,${catalina.home}/common/*.jar
while the corrected version will have
common.loader="${catalina.base}/lib","${catalina.base}/lib/*.jar","${catalina.home}/lib","${catalina.home}/lib/*.jar","${catalina.base}/common/classes","${catalina.base}/common/*.jar","${catalina.home}/common/classes","${catalina.home}/common/*.jar"
in catalina.properties.
[Regression Potential]
* The primary source of regressions would be end-users relying on the old path order and thus getting a different class loaded with the 'fixed' version. However, the Ubuntu order is unspecified as being stable, and is contradictory to the public documentation.
Please fix the following line in catalina.properties in all tomcat source packages.
WRONG:
common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar,${catalina.home}/common/classes,${catalina.home}/common/*.jar
CORRECT:
common.loader=${catalina.base}/common/classes,${catalina.base}/common/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar
Following problems with the wrong statement:
1. Odering is wrong: catalina.base should overrule catalina.home here (see class loader howto below).
2. catalina.home is expanded normally to /usr/share/tomcat7, but there is no common directory - it is below
/var/lib/tomcat7 (as expanded by catalina.base).
3. ${catalina.base}/lib,${catalina.base}/lib/*.jar are pointing to non existing directories. I recommend to skip this part.
For reference see https://tomcat.apache.org/tomcat-7.0-doc/class-loader-howto.html
> The locations searched by this class loader are defined by the common.loader property in
> $CATALINA_BASE/conf/catalina.properties.
> The default setting will search the following locations in the order they are listed:
>
> unpacked classes and resources in $CATALINA_BASE/lib
> JAR files in $CATALINA_BASE/lib
> unpacked classes and resources in $CATALINA_HOME/lib
> JAR files in $CATALINA_HOME/lib |
|
