Bug#959937: tomcat9: update to tomcat9:amd64 9.0.31-1~deb10u1 breaks application
Michael Meier
schissdraeck at rmm.li
Thu May 7 16:58:18 BST 2020
On 07.05.20 06:31, Markus Koschany wrote:
>
> Am 07.05.20 um 10:04 schrieb Michael Meier:
>> Package: tomcat9
>> Version: 9.0.16-4
>> Severity: grave
>> Justification: renders package unusable
>>
>> I've just been called out of bed.
>> As it seems unattended-upgrades upgraded on a debian buster server
>> from:9.0.16-4 to 9.0.31-1~deb10u1
>> One of the installed webapps throws following error when trying to use it:
>>
>> [https-openssl-nio-8443-exec-13] ERROR org.zkoss.zk.ui.metainfo.Property -
>> Failed to assign [value=${i18n:rt('Benutzername')}] to <Label fLvPc>
>> Unable to find ExpressionFactory of type: # Licensed to the Apache Software
>> Foundation (ASF) under one or more
>>
>> Downgrading to 9.0.16-4 solves the issue.
> Have you read the changelog or the Debian security announcement before
> upgrading Tomcat 9 ? Does your application require the AJP protocol to
> work? Then you probably need to slightly change your Tomcat
> configuration. For more information please also refer to the official
> documentation at
>
> https://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html
>
The application doesn't use ajp.
The sense of using unattended-upgrades and debian stable (no breaking
changes on updates) is not to read each security announcement in before.
I'm not working in an area, where anybody would (be able to) pay for that.
> If that does not solve your problem, then we need more information about
> your setup and configuration to debug the problem but note that we ship
> the latest upstream version basically unmodified, so this would be most
> likely an upstream bug.
I could trace it back to the zk library used:
https://bz.apache.org/bugzilla/show_bug.cgi?id=64097
https://tracker.zkoss.org/browse/ZK-4510
That seems to be a really really weird bug. If I understand it
correctly, it's the fault of zk, but I'm not 100% sure.
Anyway, as it seems if I manage to update the project to the new zk
major version, it's supposed to work again.
More information about the pkg-java-maintainers
mailing list