[
https://issues.apache.org/jira/browse/JSPWIKI-1230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18038121#comment-18038121
]
ASF subversion and git services commented on JSPWIKI-1230:
----------------------------------------------------------
Commit cff5d16ce9ff0d21254900aeb895f9096cb3bfd9 in jspwiki's branch
refs/heads/master from Alex O'Ree
[ https://gitbox.apache.org/repos/asf?p=jspwiki.git;h=cff5d16ce ]
JSPWIKI-1230 Preconfigured tomcat configurations should disable autoDeploy,
unpackWARs, showReport and showServerInfo by default
Also implements the following security improvements on both the portable build
and the Docker configuration:
V-222979 sets Tomcat's session timeout to 10 minutes
V-223009 Tomcat Connector address attribute must be set.
V-223005 ENFORCE_ENCODING_IN_GET_WRITER must be set to true.
V-223003 RECYCLE_FACADES must be set to true.
V-222957 xpoweredBy attribute must be disabled.
V-222956 Autodeploy must be disabled.
V-222955 The deployXML attribute must be set to false in hosted environments.
V-222951 The shutdown port must be disabled.
V-222950 Stack tracing must be disabled.
V-222977 ErrorReportValve showReport must be set to false.
V-222975 ErrorReportValve showServerInfo must be set to false.
> Preconfigured tomcat configurations should disable autoDeploy, unpackWARs,
> showReport and showServerInfo by default
> -------------------------------------------------------------------------------------------------------------------
>
> Key: JSPWIKI-1230
> URL: https://issues.apache.org/jira/browse/JSPWIKI-1230
> Project: JSPWiki
> Issue Type: Improvement
> Reporter: Alex O'Ree
> Assignee: Alex O'Ree
> Priority: Major
> Labels: pull-request-available
>
> Preconfigured tomcat configurations should disable autoDeploy, unpackWARs,
> showReport and showServerInfo by default
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
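
Added example, not code from the JSPWiki commit or repository: a Python check that audits a Tomcat `server.xml` for the settings the commit message above names that live in that file (shutdown port, Connector `address` and `xpoweredBy`, Host `autoDeploy`/`unpackWARs`/`deployXML`, ErrorReportValve `showReport`/`showServerInfo`). Both XML documents are constructed samples, the function name `audit_server_xml` is hypothetical, and `port="-1"` is assumed as the way the shutdown port is disabled.

```python
import xml.etree.ElementTree as ET

ERROR_VALVE = "org.apache.catalina.valves.ErrorReportValve"

# Constructed sample resembling a permissive server.xml; not from the JSPWiki repository.
WEAK_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" xpoweredBy="true"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true"/>
    </Engine>
  </Service>
</Server>"""

# Constructed sample with the settings from the commit message applied.
HARDENED_XML = """<Server port="-1" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" address="127.0.0.1" xpoweredBy="false"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" unpackWARs="false" autoDeploy="false" deployXML="false">
        <Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false"/>
      </Host>
    </Engine>
  </Service>
</Server>"""

def audit_server_xml(text):
    """Return a sorted list of findings; an empty list means every check passed."""
    root = ET.fromstring(text)
    findings = []
    if root.get("port") != "-1":  # assumption: -1 disables the shutdown listener
        findings.append("Server: shutdown port enabled")
    for conn in root.iter("Connector"):
        if not conn.get("address"):
            findings.append("Connector: address not set")
        if conn.get("xpoweredBy", "false").lower() == "true":
            findings.append("Connector: xpoweredBy enabled")
    for host in root.iter("Host"):
        for attr in ("autoDeploy", "unpackWARs", "deployXML"):
            if host.get(attr, "true").lower() != "false":  # absent is treated as enabled
                findings.append(f"Host: {attr} not false")
        valves = [v for v in host.iter("Valve") if v.get("className") == ERROR_VALVE]
        for attr in ("showReport", "showServerInfo"):
            # No explicit ErrorReportValve means the default valve's settings apply.
            if not valves or any(v.get(attr, "true").lower() != "false" for v in valves):
                findings.append(f"Host: ErrorReportValve {attr} not false")
    return sorted(findings)

if __name__ == "__main__":
    for name, xml in (("weak", WEAK_XML), ("hardened", HARDENED_XML)):
        print(name, audit_server_xml(xml) or "no findings")
```

The session timeout (V-222979) and the `ENFORCE_ENCODING_IN_GET_WRITER` and `RECYCLE_FACADES` settings are configured outside `server.xml`, so this check does not cover them.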