tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Ludwig <mil...@gmx.de>
Subject Re: HTTP Status 500 - Server Internal Error
Date Mon, 20 Dec 2010 23:57:42 GMT
Moin Chris,

Christopher Schultz schrieb am 20.12.2010 um 15:18 (-0500):
> On 12/19/2010 7:35 AM, Michael Ludwig wrote:
> > In the case of Xerces, however, it is preferable to put the JAR(s)
> > into %CATALINA_HOME%\endorsed (which may not exist but may be
> > created) so they will be available to all of Tomcat and outmatch the
> > Sun fork shipping with the JRE.
> 
> I'm not sure I'd recommend this unless no other option will work:
> overriding the vendor-supplied XML parser with one that is quite old
> (as Xerces 2.6.1 appears to be) may open you up to security
> vulnerabilities as well as other incompatibilities with the library.

I must have overlooked the ancient Xerces version, and the fact that it
is bundled with Jena. I wonder why they're using such an old version?
I don't recommend putting that into endorsed/. Thanks for catching this.

In general, however, I would prefer Apache Xerces to the Sun fork,
especially when using JDK 1.6. I've hit a couple of bugs in the Sun
fork, and I'm not the only one.

  I've already seen so many bugs in the Sun JDK 1.6 Xerces version that
  I recommend people never to use it for production work […]

  In fact, at some stage I'd like to get rid of the Parse module: this
  module holds the Sun fork of the Apache Xerces parser, which is
  horribly buggy; I'd much rather use the Apache original which is much
  more reliable […]

http://saxonica.blogharbor.com/blog/_archives/2009/6/26/4235816.html

Those are harsh comments, but I didn't have to do top-notch development
like Michael Kay to run into those bugs myself.

-- 
Michael Ludwig

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message