Our project is deploying under the tomcat9.
There is a potential memory leaking issue I'm investigating.
I have experience in Jprofiler8 to solve similar issues, but JP8 doesn't work on Tomcat9.
I googled that perhaps Jp10 supports Tomcat9 although I don't find out the Tomcat9 option in server list.
Which version of Jprofiler supports Tomcat9?
Or could you please recommend me other good tools?
Thanks.
I use eclipse 4.6 to integrate with JProfiler 10.1.4, and startup server by eclipse with profile mode. The JProfile can be executed, but cannot connect to my Tomcat9 server.Jprofiler Error Message
The Eclipse console is Eclipse Jprofiler argument
Yes, JProfiler 10 supports Tomcat 9. "Support" in this case is more relevant for the profiled JVM than for the particular servlet container.
Related
I have read a lot about how bad this issue is and understand the options available to locate it within the code our company is producing and update servers that are using vulnerable versions.
What I am unable to find is if a particular server does not have Java installed i.e. if I log in as root and run java -version and get java: command not found is this server completely safe from this issue and so I can move on?
My initial instinct was: no Java - no issue. However, GitHub released an update for their Enterprise servers stating:
CRITICAL: A remote code execution vulnerability in the Log4j library, identified as CVE-2021-44228, affected all versions of GitHub Enterprise Server prior to 3.3.1. The Log4j library is used in an open-source service running on the GitHub Enterprise Server instance. This vulnerability was fixed in GitHub Enterprise Server versions 3.0.22, 3.1.14, 3.2.6, and 3.3.1. For more information, please see this post on the GitHub Blog.
And yet Java is not installed on their enterprise server.
I am guessing the offending service must be with Java running in a docker container. So I think I need to consider Java on the machine or Java running in a container.
Are there other hidden ways I have not considered in which this log4j process can be running?
log4j2 is a library that must be used by a running java process, to be vulnarable. But you are right, that checking if the java command is installed to the command line is not enough.
Here are two options (not meant to be complete), how your system could still be vulnerable without having the java command available on the command line.
Java could be downloaded into a directory without adding the java command or directory to the executable PATH. By using a .bash (or .bat) script a java process pointing to the downloaded java version could still be started. But when the directory is not added to the path, you will not find the java command enabled.
Java could be running inside of a docker container. the java command would only be available inside of your docker container but not visible from outside. I am not sure if an additional exploit would be required to break out of the container of if this is easily possible without extra effort.
I don't have a full answer yet but very definitely NO you are not safe even if Java is not installed, and Docker is not installed, and Java is not running in the process list, and Java is not in your yum/apt installed applications lists.
An obvious case I had not considered is when Java is added to an app as a JRE.
A Coverity platform server we have does not install Java but Java is running e.g. ps -ax | grep java
/home/coverity/cov_platform-2021.9.0/jre/bin/java -Djava.awt.headless=true -Djdk.tls......
Working out if a vulnerable version of Log4j is included in that JRE is much harder.
Further, just checking the process list is not enough either. In this case the process list contained java but Java may only be run when triggered by another process e.g. cron, nginx, etc
The documentation at this MRTK page implies that an OpenXR remote app is possible. However, the rest of the article only discusses the Microsoft.Holographic.Remoting.OpenXr Nuget package and later, in this section, specifics of a DX11/12 based implementation.
My question is: Is it possible to develop a Holographic remoting remote app on Linux using a different OpenXR runtime or any other means?
Edit: Answers that use WSL2 and/or the new dxgkrnl to interface to Microsoft.Holographic.Remoting.OpenXr are also welcome, although I'd prefer to keep the server purely on Linux.
Thanks in advance!
The Microsoft remoting OpenXR runtime only runs on Windows. It uses D3D internally and various other Windows APIs also for cryptography.
Every time go to run the Linux Version of Eclipse Luna SR2, it just stops at the little Splash Screen (The window that comes up before you select your work space) and it just stays like that for about 30 seconds, and then closes. Any help please?
It generates this error log which is found Here
New Answer: This is a known bug and a workaround that has fixed the issue in at least one case is to run
export SWT_GTK3=0
before starting Eclipse. See https://bugs.eclipse.org/bugs/show_bug.cgi?id=430736 for more information. If this workaround does not fix your issue make sure GTK3 is installed and upgrade glibc to at least version 2.14 to ensure Eclipse uses it. Apparently when Eclipse detects an older glibc it tries to use GTK2. If none of these suggestions fix your issue you should submit a bug report at http://bugreport.java.com/bugreport/crash.jsp to work it out with the Eclipse development team and also to help inform other people about it.
#ElectroMan - This got too long for a comment. Yes, the error log says the same thing. That means you are running Java 6, "JRE version: 6.0_34-b34" according to the log. I suggest you try running Java 8 or at least Java 7. Java SE 8u40 is the current release from Oracle and it can be downloaded for 64 bit Linux from a link on http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html. It is best to use the latest Oracle release and get away from the OpenJDK version, especially one that is two major releases outdated. However, if you opt for Java 7 its final release is available at http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html. You should be able to install either in a non-default location and keep OpenJDK 1.6.0_34 as your main version of Java on your platform. Eclipse can be configured to use Java 8 or 7 after it is installed by project or as its default for all new projects, but the main thing is to tell it to use Java 8 or 7 when it runs, since it is a Java application. Some instructions for this are at http://www.cs.umd.edu/eclipse/install_java8_luna.html. One of the main reasons for upgrading from Eclipse Kepler to Luna is to get built-in Java 8 support. Another option is to follow the instructions in the error log and file a bug report at http://www.cs.umd.edu/eclipse/install_java8_luna.html and wait for a reply. Or maybe there is already a new Luna update and you could try it.
Today, our Enterprise Architect mentioned that a recent vulnerability was discovered in the JRE 1.7. I found an article the JRE 1.7 vulnerability recommending disabling Java.
I am running JDK 1.5 and 1.6 at work (like many organizations, we're not on the latest of technologies), so no problems there.
At home I am doing development with Java SE 7u6. I'm playing with Grails, Spring Security, trying to keep learning.
I have already gone and disabled the Java Plug-in in all my browsers on my home development machine. However, does anyone know if my home dev machine is still vulnerable by virtue of having the JDK 7 installed? I did find this article on US-CERT declaring the vulnerability notice: Oracle Java JRE 1.7 Expression.execute() fails to restrict access to privileged code.
It sounded like as long as the browser is not able to run Applets, I should be fine (it should not with the Java Plug-in disabled). However, what about Java Web Start/JNLP? Could that get invoked? That's the only other thing I could think of, other than Applets, that might be of concern.
Just wondering if I need to go through the efforts of uninstalling my Java SE 7 and dropping back to a JDK6.
What have others done upon learning of this security issue with JRE 1.7?
The details of the latest vulnerability have not been made public. However, my understanding is that it only affects Java browser plugins. The recommended mitigation is to disable the Java browser plugins. No mention is made of non-plugin Java, so I think it is safe to assume that your dev machine is not vulnerable simply by virtue of having Java 7 installed.
However, what about Java Web Start/JNLP? Could that get invoked?
I don't think so. I think it is safe to assume that the people who found the problem would have thought of that potential attack vector. (But simple common sense says that you wouldn't want to be launching random JNLP programs in the first place ...)
I understand it as if you have to visit a malicious site to become infected. So no, you are not at risk simply by virtue of having Java 7 installed in your browser.
Some useful links:
US-CERT link which explains the vulnerability:
http://www.kb.cert.org/vuls/id/636312
Oracle link to their Security Alerts (not just Java, but also including Java):
http://www.oracle.com/technetwork/topics/security/alerts-086861.html
As of writing (30 Aug 2012) I cannot see that Oracle has yet issued an alert for this. I can't really figure out if they only issue such alerts AFTER a patch has been created. According to US-CERT site Oracle was officially alerted on 29 Aug 2012 but they may already have known about it because blog reports about the vulnerability started a few days before the 29th.
What you can read on the Oracle site is that the next planned "Java SE Critical Patch Update" is on 16 October 2012. Surely they won't wait for that but release an out-of-band patch for this vulnerability asap. (they've done so before)
I have installed the Netbeans 6.7 IDE with Java ME included, but cannot create a Mobile Application project from the Java ME category. When I select the project type the wizard stops at "Finding Feature" with the message:
Not all requested modules can be enabled:
[StandardModule:org.netbeans.modules.mobility.end2end.kig jarFile:C:\Program Files\NetBeans 6.7\mobility8\modules\org-netbeans-modules-mobility-end2end-kit.jar.
I am attempting to run this on Vista Home Premium. I have tried to run the IDE as Administrator with no luck.
I am at a loss for where to go next as I cannot seem to find any information regarding this issue. Even if you don't have the solution any insight into this error message would be helpful.
I am unable so far to get the project running via the Netbeans IDE install. I have, for the time being, installed the Java ME SDK which includes a very stripped down version of the Netbeans IDE for mobile development.
I originally had some issues starting the SDK as well on Vista. The IDE reported that it could not connect to the device manager on localhost. After some searching I found this link: Java ME SDK Startup Problem which suggests changing the hosts file localhost entry from IPv6 to IPv4. The fix worked perfectly and I can now compile and run code in the emulator.
This is not an optimal solution as the SDK does not include the visual design tools, however I am able to get a basic project going in the mean time.
I have given up on the 6.7 version and have instead located and installed 6.5.1. This previous version has been working just fine and seems to do everything I need.
I ran into the exact same error today while installing NB 6.8 beta. To resolve it we need to install two plugins:
Java Web Applications (as mentioned by Ali above) and
Sun Java System Web Server 7.0
Note that these two are part of the Category called "Java Web and EE" hence the confusion that we need to install Glassfish App Server. But we need these two plugins because they are required for debugging using breakpoints in emulator. Netbeans runs a web server when we do breakpoint based debugging.
Also note that the Java Web applications needs SOAP Web Services and JavaScript Debugger plugins to run and so these plugins are also installed when you try to install it.
You also need to install "Java Web Applications" plugin.
Tools->Plugins->Available Plugins
If the module is present, you should try unzipping it to check its content makes sense.
You should also be able to rebuild it from Netbeans sources.
You can also try to figure out why this happens by debugging the module loader inside Netbeans from its sources, using another IDE, presumably the latest version of Netbeans you can find without the issue.
If the module is missing, you might want to get the missing jar file from an installation of a previous version of Netbeans, see if it is compatible.
6.5.1 isn't missing any module.
back in version 5.5, the mobility module had to be downloaded and installed separately from the main IDE.
If you want to consider using Eclipse for developing your J2ME app...I've written a post related to that some time ago: here.