[Bug 66125] JMProxy - enhance security restrictions

2022-06-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=66125 --- Comment #4 from Tim Funk --- True - if that is the case - there is this: /manager/status?XML=true which is xml, not JSON. I'd wonder what additional metrics users were interested that are missing. (As well as if it's worth it to

[Bug 66125] JMProxy - enhance security restrictions

2022-06-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=66125 --- Comment #3 from Mark Thomas --- If we want to support provision of metrics to unprivileged or minimally privileged users then I think we should consider a mechanism that doesn't involve those users providing the JMX query that gets

[Bug 66125] JMProxy - enhance security restrictions

2022-06-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=66125 --- Comment #2 from Tim Funk --- 100% agreed. I definitely need to add more to the docs to call this out. For example - in manager-howto.xml - one tweak was to say WARNING instead of NOTE. I was hoping to hit the use case of people using

[Bug 66125] JMProxy - enhance security restrictions

2022-06-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=66125 --- Comment #1 from Remy Maucherat --- This enhancement is risky since if there's a problem somehow it will be an immediate RCE CVE (once people start assuming they can safely expose JMX to the world).