-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 John,
On 4/17/20 13:02, rugman66 . wrote: > I have Apache 2.4.6 running as reverse proxy Stop right now and patch that thing. > for Tomcat 7.0.96 Not quite as old, but depending upon your environment, there may be some critical changes in later versions. (Looks like you are using mod_proxy_http and should therefore be okay for the worst of these issues). > both running SSL, and a functioning redirect from HTTP to HTTPS > for both Apache and Tomcat. > ( Need to use both these releases due to IT availability and app > requirements ) You (or someone else) is making a dangerous security decision by staying on these versions. If you can't get someone to change their mind, you may want to remove yourself from the situation or end up being blamed for your upcoming intrusion. - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl6dyYIACgkQHPApP6U8 pFjvUw/9EW+34NLWMDALVUoh5hWdvDChoozLAO34a27TAqtqZWqG+QQUKRJId64y pHrFWrH2P+3E9VqkMdKrXVmQLFX7NJJfCzN1eB1PcQuWs/JOCoFCGKgM6V/MTgpq QucO/kQ5r1YJge1Us9KmF+FHLdHCFfzB20vUcL6BoteVTnd/j5BQ3mHGOuy3Lnja SJC4WX9AJF6vFixLL0AMRif+0njQY3NarXvOFppGBNA0cfWdqYv5SZxe9p1K80sB y0z71v2S1+Cex+4Rmpk86Eq6kWdG1UTpRbmasr6IKlQ11pgsykUwPbbREUxu5rQQ /HUCx5nugYRbnOTMklLdU1DCqA+kypS749bEm28YtPVUCz5GUUJSJp+rG92tTWl5 RxUprl0it+4dVV/jjIigMjkosp2sBm8lkuFNcsSGiH1zTof2fIRnxVtYOtrzhs63 5iDxjRKrLdG7F1UZDrGal7adGJ3677RT+ZYE2ZzBr08tx3FAlKQ6jk816wE7egn4 cH4XEwk6YAJuxMXtNLRooz4eEJgo3BrxJT4TJNvdlaIijFt9XeIwHDhlvzdHOmhe GTTbtzH0AASoBSMh97TzZ9ktpnQ+tEQvq9bhGpjoJfCSs1wEw2a/x3uA/Qjc7kcb CJlTeiqtoytfNF+IhJvJANg6hiYKmo5L7cwUWtyyXdS4MK6ZdnM= =8RC0 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org