potiuk commented on PR #13293: URL: https://github.com/apache/cloudstack/pull/13293#issuecomment-4627608054
Thanks @DaanHoogland and @vishesh92 — all 17 threads are folded in; resolving them now.

What changed / was confirmed:

- **Config-setting names corrected** (vishesh92): `proxy.header.verify` / `proxy.header.names` / `proxy.cidr`, `enforce.post.requests.and.timestamps`, `user.password.encoders.order` (+`.exclude`), `ca.framework.cert.management.custom.san`, and `ca.plugin.root.auth.strictness` (default `true` for new setups; `false` only on pre-Aug-2017 upgrade). Dropped `api.signature.version` (not in code).
- **Secondary-storage download links** (§6/§11a): UUID-named symlinks, no auth on the link, removed after a window → `BY-DESIGN` (timed-availability mitigation); a non-removed or guessable link is `VALID-HARDENING`. Noted your "re-test in code" point + Daan's "why didn't static analysis catch this" as a scan-agent note.
- **noVNC** (§3/§11a): vendored fork, bugs go upstream; recorded there's no automated dependency-update procedure today and the PMC would like one.
- **Deployment shape**: single management-server *or* clustered — both supported (your wording).
- §14 Q1–Q7 + Q12 now resolved/struck per your confirmations.

Two items are PMC follow-ups, not model changes: (a) re-test/confirm the download-link TTL in code, (b) establish a dependency-update procedure for noVNC.

The model is the PMC's to merge whenever — thanks for the thorough review.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at: [email protected]
