subject:"Bug#839778\: jetty\: Misleading comments in \/etc\/default\/jetty"

Bug#839778: jetty: Misleading comments in /etc/default/jetty

2016-10-05 Thread Emmanuel Bourg

Le 4/10/2016 à 22:18, Chris Chiappa a écrit :

> /etc/default/jetty says:
> 
> # Listen to connections from this network host
> # Use 0.0.0.0 as host to accept all connections.
> # Uncomment to restrict access to localhost
> #JETTY_HOST=$(uname -n)
> 
> However, setting JETTY_HOST to the actual host name causes it to still
> be reachable from third party hosts.  I need to explicitly set it to
> "localhost" to get it to only be reachable from localhost.

Hi Chris,

Thank you for the feedback. Note that Jetty 6 is quite old and has been
removed from the next stable release (Stretch). Switching to the jetty8
package (or jetty9 in the Jessie backports) is recommended. jetty8 has
the same comment in its /etc/default file and is probably affected by
the same issue, but the JETTY_HOST variable has been removed from the
jetty9 package (the host is now configured in the /etc/jetty9/start.ini
file).

Emmanuel Bourg

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#839778: jetty: Misleading comments in /etc/default/jetty

2016-10-04 Thread Chris Chiappa

Package: jetty
Version: 6.1.26-3
Severity: normal

/etc/default/jetty says:

# Listen to connections from this network host
# Use 0.0.0.0 as host to accept all connections.
# Uncomment to restrict access to localhost
#JETTY_HOST=$(uname -n)

However, setting JETTY_HOST to the actual host name causes it to still
be reachable from third party hosts.  I need to explicitly set it to
"localhost" to get it to only be reachable from localhost.


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.5.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages jetty depends on:
ii  adduser  3.115
ii  apache2-utils2.4.23-5
ii  default-jre-headless [java5-runtime-headless]2:1.8-57
ii  jsvc 1.0.15-6
ii  libjetty-java6.1.26-5
ii  openjdk-7-jre-headless [java5-runtime-headless]  7u95-2.6.4-3
ii  openjdk-8-jre-headless [java5-runtime-headless]  8u102-b14.1-2
ii  openjdk-9-jre-headless [java5-runtime-headless]  9~b133-1

jetty recommends no packages.

Versions of packages jetty suggests:
ii  libjetty-extra   6.1.26-5
ii  libjetty-extra-java  6.1.26-5
pn  libjetty-java-doc

-- Configuration Files:
/etc/default/jetty changed:
NO_START=0
VERBOSE=yes
JETTY_HOST=localhost

/etc/jetty/jetty.xml changed:

http://jetty.mortbay.org/configure.dtd";>












  
10
200
20
  
  








  
  


3
2
false
8443
5000
5000
65536

  
  




















 


  

 
   
 
   
   
 
   
   
 
   
 

  














  

  
  /contexts
  5

  















  

  
  /webapps
  false
  true
  false
  /etc/webdefault.xml

  









  

  
Test Realm
/etc/realm.properties
0
  

  









  

  /_mm_dd.request.log
  _MM_dd
  90
  true
  false
  false
  GMT

  




true
true
true
1000



-- no debconf information

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#839778: jetty: Misleading comments in /etc/default/jetty

Bug#839778: jetty: Misleading comments in /etc/default/jetty

2 matches

Site Navigation

Mail list logo

Footer information