Hi All,

I am encountering a strange issue. I am upgrading tomcat to resolve a vulnerability found from VA scan. The fix is to upgrade to Tomcat 9.0.69[/u] or higher.

I have decided to install Tomcat 9.0.71 but i encountered the error [u]Java.SQLSQLException The url cannot be null[/u] when i am trying to validate the database connection for my Orchestration Designer IVR application..

Does anyone have any idea on how to resolve this issue? The database connection succeeds when deployed with Tomcat 6.0.68.
The jdbc driver version used is mssql-jdbc-7.2.1.jre8.jar[u]

Edit: Just tried with Tomcat 9.0.70, AAOD IVR Application Database Validation works.

Hi.

As I could understand, you just replaced the previous working Tomcats (9.0.68/9.0.70) with 9.0.71 (so same JDBC driver mssql-jdbc-7.2.1.jre8.jar, same Java 1.8, same 'database.properties' file ). Is this correct ?

Did you change the URL in the 'database.properties' file ?

Another cause could be the 'database.properties' file isn't where the Java code is expecting it to be. Maybe the Apache Tomcat 9.0.71 changed something compared to 9.0.68 and 9.0.70

Is this https://www.tenable.com/plugins/nessus/169459 the vulnerability ?

Given "9.0.70, AAOD IVR Application Database Validation works." this really sounds like a problem with tomcat 9.0.71 and not with OD itself.

It seems like we are getting the same error with tomcat 9.0.72. Could there be an issue with AAOD library files ability to connect to database with the new tomcat release?

Validation Error


Context File

I can see the pictures now. The context seems fine. You can also investigate on the Apache Tomcat side.

I was looking at the change log for 9.0.71 and i saw this entry

Tomcat changeLog: https://tomcat.apache.org/tomcat-9.0-doc/changelog.html

Bug 66388: https://bz.apache.org/bugzilla/show_bug.cgi?id=66388
Fix: 66388: Correct a regression in the refactoring that replaced the use of the URL constructors. The regression broke lookups for resources that contained one or more characters in their name that required escaping when used in a URI path. (markt)

Bug 66409 (Marked as duplicate to 66388): https://bz.apache.org/bugzilla/show_bug.cgi?id=66409
There was something in 66409 that indicates change in how url is called:

Some investigation on our side showed that org.apache.cataline.webresources.AbstractArchiveResource#getURL() has changed from version 7.0.69 to 7.0.70. Instead of using the java.net.URL directly, java.net.URI(url).toURL() is used now. The problem is, that the URL is not encoded properly.

is this related? The weird thing is that the bug is supposed to be related to blank spaces in url but the url in context file does not have blank spaces.

The issue seems present on 9.0.75 as well. maybe the context parameters are no longer supported. Try with the latest 9.0.76:

https://tomcat.apache.org/download-90.cgi