On 13/02/2020 15:31, Christopher Schultz wrote:
My question would be "why do so many have AJP connectors where no
'address' attribute was specifically configured?"

The answer to the question "why change the default?" is: "because the
default was essentially insecure, in a way that wasn't obvious to
someone who wasn't paying close attention."

So we are forcing users to pay closer attention. If you want to open
your AJP instance to the "whole world", then you can explicitly bind
to just as the previous default. Similarly, if you don't
want to use the "secret" setting, then you can explicitly disable it.
But the defaults will no longer let you be "insecure" without knowing it

Obviously, there are ways to have a "secure" installation while using and/or secretRequired="false". But having those things in
the configuration right in front of you make it clear that some
decision has been made, rather than hiding (potential) danger behind
insecure defaults.

Why make this change in a point-release and not a major one? Because
we felt it was important enough to do so.

Will this disrupt some environments? Yes, it will. But the path to
fixing it is to make one (or two) small edits to your configuration
files which are surely under revision-control and automatically
pushed-out to these hundreds-of-nodes clusters everyone is worried
about, right? Well, then, change your configs and push them out there
along with your upgrade of Tomcat and all will be well.

- -chris

Thank you Christopher for those complements.
And thank you all for your disponibility.

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to