On 01/07/2021 22:24, James H. H. Lampert wrote:
Also, I've got somebody complaining about CVE-2021-25329. I'm not sure I
understand what CVE-2021-25329 is, or what the underlying CVE-2020-9484
is.
If the person complaining about CVE-2021-25329 can't explain (or
demonstrate) why it is an is

On 02/07/2021 01:10, James H. H. Lampert wrote:
On 7/1/21 4:55 PM, in response to:
I will note, however, that the Tomcat servers in question are
*not* configured to listen on any ports other than HTTPS (either
443, 8443, or something else in that vein) and the shutdown port.
Shawn Heisey wrot

On 7/1/2021 6:10 PM, James H. H. Lampert wrote:
On 7/1/21 4:55 PM, Shawn Heisey wrote:
In that case, you don't need h2c, and probably don't want it.
O. . . . k.
That makes sense, so far, but how is it even enabled? Is there some way
I could have h2c enabled, with the situation I described (no

On 7/1/21 4:55 PM, in response to:
I will note, however, that the Tomcat servers in question are
*not* configured to listen on any ports other than HTTPS (either
443, 8443, or something else in that vein) and the shutdown port.
Shawn Heisey wrote:
In that case, you don't need h2c, and probab

On 7/1/2021 3:24 PM, James H. H. Lampert wrote:
On 6/21/21 9:42 AM, Christopher Schultz wrote:
If you are using h2c, you'll definitely want to 8.5.63 or later, as
there is a critical fix there.
My understanding, based on what I looked up a week and a half ago, is
that we're not using h2c, but

On 6/21/21 9:42 AM, Christopher Schultz wrote:
If you are using h2c, you'll definitely want to 8.5.63 or later, as
there is a critical fix there.
My understanding, based on what I looked up a week and a half ago, is
that we're not using h2c, but at the same time, don't think I fully
understan