All, https://issues.apache.org/bugzilla/show_bug.cgi?id=51698
Mark's official report to the users' list indicates that setting a "secret" for the AJP connection does the trick. (I tried this myself before digging-up his message and can confirm that the sample code fails when a "secret" is set). Should we mention this on the Security page directly for those who didn't read the announcement on the users' list? Thanks, -chris
signature.asc
Description: OpenPGP digital signature
