Re: DSA-3721-1 tomcat7 -- security update
Hi Aser,
On Wed, Nov 23, 2016 at 08:46:00AM +0100, Aser Casas wrote:
> Hi all!
>
> I installed security update DSA-3721-1 tomcat7 and the following error
> occurs when starting the server:
>
> 23-11-2016 08:06:08,149 [main] ERROR
> org.apache.jasper.security.SecurityClassLoad- SecurityClassLoad
> java.lang.ClassNotFoundException:
> org.apache.jasper.runtime.JspRuntimeLibrary$PrivilegedIntrospectHelper
> at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
> at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
> at java.security.AccessController.doPrivileged(Native Method)
> at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
> at
> org.apache.jasper.security.SecurityClassLoad.securityClassLoad(SecurityClassLoad.java:49)
> at
> org.apache.jasper.compiler.JspRuntimeContext.<clinit>(JspRuntimeContext.java:82)
> at java.lang.Class.forName0(Native Method)
> at java.lang.Class.forName(Class.java:278)
> at
> org.apache.catalina.core.JasperListener.lifecycleEvent(JasperListener.java:63)
> at
> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
> at
> org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
> at
> org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402)
> at
> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:99)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at
> org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
> at
> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
> 23-11-2016 08:06:08,156 [main] WARN
> org.apache.catalina.core.JasperListener- Couldn't initialize Jasper
> java.lang.ExceptionInInitializerError
> at java.lang.Class.forName0(Native Method)
> at java.lang.Class.forName(Class.java:278)
> at
> org.apache.catalina.core.JasperListener.lifecycleEvent(JasperListener.java:63)
> at
> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
> at
> org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
> at
> org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402)
> at
> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:99)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at
> org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
> at
> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
> Caused by: java.lang.IllegalStateException:
> java.lang.ClassNotFoundException:
> org.apache.jasper.runtime.JspRuntimeLibrary$PrivilegedIntrospectHelper
> at
> org.apache.jasper.compiler.JspRuntimeContext.<clinit>(JspRuntimeContext.java:99)
> ... 15 more
> Caused by: java.lang.ClassNotFoundException:
> org.apache.jasper.runtime.JspRuntimeLibrary$PrivilegedIntrospectHelper
> at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
> at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
> at java.security.AccessController.doPrivileged(Native Method)
> at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
> at
> org.apache.jasper.compiler.JspRuntimeContext.<clinit>(JspRuntimeContext.java:92)
> ... 15 more
>
> This error, seems to have already been reported in the Apache bugtrack
> and fixed from version 7.0.72:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=60101
Thanks for your report. Explicitly including tomcat maintainer into
the loop.
@Emmanuel: there seem to be a regression from the recent DSA.
Regards,
Salvatore
Reply to: