tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Ludwig <>
Subject Re: HTTP Status 500 - Server Internal Error
Date Mon, 20 Dec 2010 23:57:42 GMT
Moin Chris,

Christopher Schultz schrieb am 20.12.2010 um 15:18 (-0500):
> On 12/19/2010 7:35 AM, Michael Ludwig wrote:
> > In the case of Xerces, however, it is preferable to put the JAR(s)
> > into %CATALINA_HOME%\endorsed (which may not exist but may be
> > created) so they will be available to all of Tomcat and outmatch the
> > Sun fork shipping with the JRE.
> I'm not sure I'd recommend this unless no other option will work:
> overriding the vendor-supplied XML parser with one that is quite old
> (as Xerces 2.6.1 appears to be) may open you up to security
> vulnerabilities as well as other incompatibilities with the library.

I must have overlooked the ancient Xerces version, and the fact that it
is bundled with Jena. I wonder why they're using such an old version?
I don't recommend putting that into endorsed/. Thanks for catching this.

In general, however, I would prefer Apache Xerces to the Sun fork,
especially when using JDK 1.6. I've hit a couple of bugs in the Sun
fork, and I'm not the only one.

  I've already seen so many bugs in the Sun JDK 1.6 Xerces version that
  I recommend people never to use it for production work […]

  In fact, at some stage I'd like to get rid of the Parse module: this
  module holds the Sun fork of the Apache Xerces parser, which is
  horribly buggy; I'd much rather use the Apache original which is much
  more reliable […]

Those are harsh comments, but I didn't have to do top-notch development
like Michael Kay to run into those bugs myself.

Michael Ludwig

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message