[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: DSA-3721-1 tomcat7 -- security update

Hi Aser,

On Wed, Nov 23, 2016 at 08:46:00AM +0100, Aser Casas wrote:
> Hi all!
> 
> I installed security update DSA-3721-1 tomcat7 and the following error
> occurs when starting the server:
> 
>     23-11-2016 08:06:08,149 [main] ERROR
>     org.apache.jasper.security.SecurityClassLoad- SecurityClassLoad
>     java.lang.ClassNotFoundException:
>     org.apache.jasper.runtime.JspRuntimeLibrary$PrivilegedIntrospectHelper
>             at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
>             at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
>             at java.security.AccessController.doPrivileged(Native Method)
>             at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
>             at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
>             at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
>             at
>     org.apache.jasper.security.SecurityClassLoad.securityClassLoad(SecurityClassLoad.java:49)
>             at
>     org.apache.jasper.compiler.JspRuntimeContext.<clinit>(JspRuntimeContext.java:82)
>             at java.lang.Class.forName0(Native Method)
>             at java.lang.Class.forName(Class.java:278)
>             at
>     org.apache.catalina.core.JasperListener.lifecycleEvent(JasperListener.java:63)
>             at
>     org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
>             at
>     org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
>             at
>     org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402)
>             at
>     org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:99)
>             at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
>             at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
>             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>             at
>     sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>             at
>     sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>             at java.lang.reflect.Method.invoke(Method.java:606)
>             at
>     org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
>             at
>     org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
>     23-11-2016 08:06:08,156 [main] WARN 
>     org.apache.catalina.core.JasperListener- Couldn't initialize Jasper
>     java.lang.ExceptionInInitializerError
>             at java.lang.Class.forName0(Native Method)
>             at java.lang.Class.forName(Class.java:278)
>             at
>     org.apache.catalina.core.JasperListener.lifecycleEvent(JasperListener.java:63)
>             at
>     org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
>             at
>     org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
>             at
>     org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402)
>             at
>     org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:99)
>             at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
>             at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
>             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>             at
>     sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>             at
>     sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>             at java.lang.reflect.Method.invoke(Method.java:606)
>             at
>     org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
>             at
>     org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
>     Caused by: java.lang.IllegalStateException:
>     java.lang.ClassNotFoundException:
>     org.apache.jasper.runtime.JspRuntimeLibrary$PrivilegedIntrospectHelper
>             at
>     org.apache.jasper.compiler.JspRuntimeContext.<clinit>(JspRuntimeContext.java:99)
>             ... 15 more
>     Caused by: java.lang.ClassNotFoundException:
>     org.apache.jasper.runtime.JspRuntimeLibrary$PrivilegedIntrospectHelper
>             at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
>             at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
>             at java.security.AccessController.doPrivileged(Native Method)
>             at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
>             at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
>             at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
>             at
>     org.apache.jasper.compiler.JspRuntimeContext.<clinit>(JspRuntimeContext.java:92)
>             ... 15 more
> 
> This error, seems to have already been reported in the Apache bugtrack
> and fixed from version 7.0.72:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=60101

Thanks for your report. Explicitly including tomcat maintainer into
the loop.

@Emmanuel: there seem to be a regression from the recent DSA.

Regards,
Salvatore
Reply to: