On 13/02/2020 15:31, Christopher Schultz wrote:
My question would be "why do so many have AJP connectors where no 'address' attribute was specifically configured?"

The answer to the question "why change the default?" is: "because the default was essentially insecure, in a way that wasn't obvious to someone who wasn't paying close attention." So we are forcing users to pay closer attention.

If you want to open your AJP instance to the "whole world", then you can explicitly bind to 0.0.0.0/:: just as the previous default. Similarly, if you don't want to use the "secret" setting, then you can explicitly disable it. But the defaults will no longer let you be "insecure" without knowing it.

Obviously, there are ways to have a "secure" installation while using 0.0.0.0/:: and/or secretRequired="false". But having those things in the configuration right in front of you makes it clear that some decision has been made, rather than hiding (potential) danger behind insecure defaults.

Why make this change in a point-release and not a major one? Because we felt it was important enough to do so.

Will this disrupt some environments? Yes, it will. But the path to fixing it is to make one (or two) small edits to your configuration files which are surely under revision-control and automatically pushed-out to these hundreds-of-nodes clusters everyone is worried about, right? Well, then, change your configs and push them out there along with your upgrade of Tomcat and all will be well.

-chris
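As an added illustration of the two settings discussed in the message above (this is example code written for this page, not code from the thread or from the Tomcat project): a small Python script that parses a `server.xml`, picks out the AJP connectors, and reports any that have no explicit `address`, are bound to a wildcard address, have `secretRequired="false"`, or require a secret without one being set. The `server.xml` fragment and the secret value are constructed for the example; replace them with your own file when auditing a real deployment.

```python
"""Audit the AJP connectors in a Tomcat server.xml.

Checks the two attributes whose defaults changed: the bind 'address'
and the 'secretRequired' / 'secret' pair. The sample configuration
below is constructed for this example and is not a real deployment.
"""
import xml.etree.ElementTree as ET

# Constructed sample: port 8009 relies on whatever the defaults are,
# port 8010 is explicitly wide open with no secret, port 8011 is bound
# to loopback with a shared secret (placeholder value).
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
    <Connector port="8010" protocol="AJP/1.3" address="0.0.0.0"
               secretRequired="false"/>
    <Connector port="8011" protocol="AJP/1.3" address="127.0.0.1"
               secretRequired="true" secret="REPLACE-WITH-YOUR-SECRET"/>
  </Service>
</Server>
"""

WILDCARD_ADDRESSES = {"0.0.0.0", "::", "::0", "0:0:0:0:0:0:0:0"}
LOOPBACK_ADDRESSES = {"127.0.0.1", "::1", "localhost"}


def audit_ajp_connectors(server_xml):
    """Return one finding dict per AJP connector found in server_xml."""
    root = ET.fromstring(server_xml)
    findings = []
    for conn in root.iter("Connector"):
        # Connector without a protocol attribute is HTTP in Tomcat.
        protocol = conn.get("protocol", "HTTP/1.1")
        if not protocol.upper().startswith("AJP"):
            continue
        address = conn.get("address")
        # Releases that introduced secretRequired default it to "true".
        secret_required = conn.get("secretRequired", "true").lower() == "true"
        secret = conn.get("secret")
        issues = []
        if address is None:
            issues.append("no explicit address: bind interface depends on "
                          "the running Tomcat version's default")
        elif address in WILDCARD_ADDRESSES:
            issues.append("bound to all interfaces (%s)" % address)
        elif address not in LOOPBACK_ADDRESSES:
            issues.append("bound to non-loopback address %s; confirm this "
                          "is intentional" % address)
        if not secret_required:
            issues.append('secretRequired="false": AJP clients are not '
                          "authenticated")
        elif not secret:
            issues.append("secretRequired is true but no secret is set; a "
                          "release that enforces it will not start this "
                          "connector")
        findings.append({
            "port": conn.get("port"),
            "address": address,
            "secret_required": secret_required,
            "has_secret": bool(secret),
            "issues": issues,
        })
    return findings


def print_report(findings):
    """Human-readable summary of the audit."""
    for f in findings:
        status = "OK" if not f["issues"] else "REVIEW"
        print("AJP port %s [%s]" % (f["port"], status))
        for issue in f["issues"]:
            print("  - " + issue)


if __name__ == "__main__":
    print_report(audit_ajp_connectors(SAMPLE_SERVER_XML))
```

To audit a real configuration, read the file into a string and pass it to `audit_ajp_connectors`; a connector with an empty `issues` list is one that has had both decisions made explicitly in the way the message above recommends.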
Thank you, Christopher, for those complements. And thank you all for your availability.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org