'Re: Tomcat 9.0.72 and New Relic APM java agent issues'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tomcat-user
Subject:    Re: Tomcat 9.0.72 and New Relic APM java agent issues
From:       Mark Thomas <markt () apache ! org>
Date:       2023-03-17 14:34:20
Message-ID: 39022c2f-b5f9-7ec5-21fb-0f10f9a9146f () apache ! org
[Download RAW message or body]

On 17/03/2023 14:02, Roe, Jennifer L wrote:
> Hi,
> 
>     We have opened a case with New Relic. The behavior exists with the 
> 7.11.1 and 8.0.1 java agents per multiple applications teams. [The 
> behavior was first noticed with Tomcat 9.0.72; Tomcat 9.0.73 which was 
> released shortly after 9.0.72 also experiences this behavior.]
> 
>     The app teams stated disabling the java agent allows the application 
> to function as expected. However, without the agent our observability 
> and monitoring of the applications takes a hit as metrics are not available.
> 
>     Could this be related to fix 66441?
> 
> Fix:66441 <https://bz.apache.org/bugzilla/show_bug.cgi?id=66441>: Make 
> imports of static fields in JSPs visible to any EL expressions used on 
> the page. (markt)

On one hand that is one of only two code changes (the other changes for 
formatting and/or comments) in the org.apache.jasper packages between 
9.0.71 and 9.0.72 so it seems possible. On the other hand, I'm 
struggling to see how either of those code changes could cause the sort 
of corruption being observed.

I'm be interested in hearing New Relic's explanation for this.

Mark


> 
> Regards,
> 
> Joel
> 
> Nationwide is on your side.
> 
> 	
> 
> *Jennifer Roe*
> 
> Consultant, Technology Engineer
> 
> Proud Nationwide Member
> 
> Middleware Technology
> 
> roej4@nationwide.com
> 
> /FORTUNE® and Time Inc. are not affiliated with, and do not endorse the 
> products or services of, Nationwide Mutual Insurance Company./
> 
> *From:* Thomas Meyer <thomas@m3y3r.de>
> *Sent:* Friday, March 17, 2023 9:27 AM
> *To:* Tomcat Users List <users@tomcat.apache.org>; Roe, Jennifer L 
> <ROEJ4@nationwide.com>
> *Cc:* Whitesel, Joel M <WHITJ12@nationwide.com>; Adcock, Troy Allen 
> <troy.adcock@nationwide.com>; Abbott, William H (Bill) 
> <bill.abbott@nationwide.com>
> *Subject:* [EXTERNAL] Re: Tomcat 9.0.72 and New Relic APM java agent issues
> 
> *Nationwide Information Security Warning: **This is an 
> **EXTERNAL****email. *Use *CAUTION****before clicking on links, opening 
> attachments, or responding.*(*Sender:*thomas@m3y3r.de 
> <mailto:thomas@m3y3r.de>)
> 
> ------------------------------------------------------------------------
> 
> Hi,
> 
> We may see something similar with tomcat 9.0.73 and jsp pages.
> 
> Need to test with newrelic app disabled.
> 
> Did you already create a case with newrelic with this problem?
> 
> Mfg
> Thomas
> 
> Am 13. März 2023 20:18:12 MEZ schrieb "Roe, Jennifer L" 
> <ROEJ4@nationwide.com <mailto:ROEJ4@nationwide.com>>:
> 
>     We are using 9.0.73 Tomcat version and New Relic APM java agent
>     7.11.0, it seems we are missing the injected New Relic script and
>     the DOM looks much different than in 9.0.71. Looks as though it's
>     incorrectly escaping certain html tags as if they're text (EG:
>     changing < to "/&gt")
> 
>     In our application login page is not fully displayed and we see the
>     following at the bottom:
> 
>     This field is required.", }, "j_password": { required: "This field
>     is required.", }, }, showErrors: function (errorMap, errorList) {
>     var numOfInvalids = this.numberOfInvalids(); if (numOfInvalids != 0)
>     { $("#loginErrorSummary").html("
> 
>     Version 9.0.72 is when this was first noticed, nothing seemed to
>     change with .73 and the New Relic version has remained the same 7.11.0.
> 
>     We have run a test with New Relic 8.01 agent with the same results
> 
>     System details:
> 
>     Ubuntu 20.04.5 LTS
> 
>     OpenJDK Runtime Environment Temurin-17.0.6+10
> 
>     Example of where it seems to be doing an incorrect escape on the
>     html produced from our .jsp
> 
>     Working page 9.0.71
> 
>     <form id="loginForm" name="LoginForm" action="spring_security_check"
>     method="post" novalidate="novalidate">
> 
>          <input type="hidden" name="redirectUri" value="">
> 
>          <div class="container page-container">
> 
>              <div class="page-content">
> 
>                  <div class="row">
> 
>                      <div class="col-sm-8 col-lg-6">
> 
>     Not working 9.0.73
> 
>     <form id="loginForm" name="LoginForm" action="spring_security_check"
>     method="post">
> 
>          "/&gt;
> 
>     Thanks
> 
>     Nationwide is on your side.
> 
>     	
> 
>     *Jennifer Roe*
> 
>     Consultant, Technology Engineer
> 
>     Proud Nationwide Member
> 
>     Middleware Technology
> 
>     roej4@nationwide.com <mailto:roej4@nationwide.com>
> 
>     /FORTUNE® and Time Inc. are not affiliated with, and do not endorse
>     the products or services of, Nationwide Mutual Insurance Company./
> 
> -- 
> Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic