[tomcat] 02/08: Security hardening. Limit JPDA to localhost by default.

markt Wed, 24 Jul 2019 14:13:46 -0700

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


commit 6000b7b1413b48af4c9aa55eb351fe52f661ce73
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Jul 24 18:04:25 2019 +0100

    Security hardening. Limit JPDA to localhost by default.
---
 bin/catalina.bat           | 4 ++--
 bin/catalina.sh            | 4 ++--
 webapps/docs/changelog.xml | 8 ++++++++
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/bin/catalina.bat b/bin/catalina.bat
index a47def9..740ee03 100755
--- a/bin/catalina.bat
+++ b/bin/catalina.bat
@@ -74,7 +74,7 @@ rem   JPDA_TRANSPORT  (Optional) JPDA transport used when the 
"jpda start"
 rem                   command is executed. The default is "dt_socket".
 rem
 rem   JPDA_ADDRESS    (Optional) Java runtime options used when the "jpda 
start"
-rem                   command is executed. The default is 8000.
+rem                   command is executed. The default is localhost:8000.
 rem
 rem   JPDA_SUSPEND    (Optional) Java runtime options used when the "jpda 
start"
 rem                   command is executed. Specifies whether JVM should suspend
@@ -245,7 +245,7 @@ if not "%JPDA_TRANSPORT%" == "" goto gotJpdaTransport
 set JPDA_TRANSPORT=dt_socket
 :gotJpdaTransport
 if not "%JPDA_ADDRESS%" == "" goto gotJpdaAddress
-set JPDA_ADDRESS=8000
+set JPDA_ADDRESS=localhost:8000
 :gotJpdaAddress
 if not "%JPDA_SUSPEND%" == "" goto gotJpdaSuspend
 set JPDA_SUSPEND=n
diff --git a/bin/catalina.sh b/bin/catalina.sh
index 0d01c6c..1470fd1 100755
--- a/bin/catalina.sh
+++ b/bin/catalina.sh
@@ -69,7 +69,7 @@
 #                   command is executed. The default is "dt_socket".
 #
 #   JPDA_ADDRESS    (Optional) Java runtime options used when the "jpda start"
-#                   command is executed. The default is 8000.
+#                   command is executed. The default is localhost:8000.
 #
 #   JPDA_SUSPEND    (Optional) Java runtime options used when the "jpda start"
 #                   command is executed. Specifies whether JVM should suspend
@@ -303,7 +303,7 @@ if [ "$1" = "jpda" ] ; then
     JPDA_TRANSPORT="dt_socket"
   fi
   if [ -z "$JPDA_ADDRESS" ]; then
-    JPDA_ADDRESS="8000"
+    JPDA_ADDRESS="localhost:8000"
   fi
   if [ -z "$JPDA_SUSPEND" ]; then
     JPDA_SUSPEND="n"
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index a262706..c6e7d52 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -68,6 +68,14 @@
       </fix>
     </changelog>
   </subsection>
+  <subsection name="Other">
+    <changelog>
+      <add>
+        Limit the default JPDA (remote debugging interface) listen address to
+        <code>localhost:8000</code>. (markt)
+      </add>
+    </changelog>
+  </subsection>
 </section>
 <section name="Tomcat 7.0.96 (violetagg)">
   <subsection name="Catalina">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 02/08: Security hardening. Limit JPDA to localhost by default.

Reply via email to