Coty,
On 6/6/24 11:34, Coty Sutherland wrote:
On Thu, Jun 6, 2024 at 10:46 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:
All,
I'd like to remove the <!-- and --> around the SecureLifecycleListener
in conf/server.xml that we bundle with Tomcat distributions.
Before I do so, are there any objections to making this change?
No objections from me. I might suggest making the default
buildDateWarningAgeDays something like 6 months though rather than no
default. If we're trying to encourage secure practices warning about older
builds should be part of that config change IMO
I got some pushback from the folks who have to support Tomcat for
decades which is why it's disabled by default.
I'll keep pushing :)
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
