Re: [PROPOSAL] Tomcat 10: Remove Server-Side Includes (SSI)

2024-06-07 Thread Mark Thomas
On 06/06/2024 16:30, Christopher Schultz wrote: All, Resurrecting this thread from 2019. I'd like to remove the SSI configuration from conf/web.xml and put it into webapps/docs/ssi-howto.html. Are there any objections? None here. Do we want to go further and consider removing it entirely

Re: [PROPOSAL] Tomcat 10: Remove CGI Servlet

2024-06-07 Thread Mark Thomas
On 06/06/2024 16:39, Christopher Schultz wrote: All, Resurrecting this thread from 2019. I will be proceeding with this 4.5-year-old plan to extract the CGI servlet to a separate JAR file to make it easy to "remove" from Tomcat if operators would prefer to do such things. I think I'll also

Re: [PROPOSAL] Implement additional security checks in SecurityLifecycleListener

2024-06-07 Thread Mark Thomas
On 06/06/2024 18:13, Konstantin Kolinko wrote: Thu, 6 Jun 2024 at 17:49, Christopher Schultz : All, Tomcat's SecurityLifecycleListener currently checks the current working user's name, the umask and not much else at the moment. I'd like to add "administrator" as another username to look for

Notes from Tomcat security day

2024-06-07 Thread Mark Thomas
Hi all, I have added the notes from yesterday's security day to the wiki. https://cwiki.apache.org/confluence/display/TOMCAT/Security+Day+EU+2024 We discussed lots of things and while there are quite a few things the folks present agreed would be worth doing, all the actual decisions need to

[Bug 69124] New: https://www.ninjaiptv.fr

2024-06-07 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=69124 Bug ID: 69124 Summary: https://www.ninjaiptv.fr Product: Tomcat Native Version: unspecified Hardware: PC OS: All Status: NEW Severity: normal

[Bug 69124] https://www.ninjaiptv.fr

2024-06-07 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=69124 --- Comment #1 from Layla! --- Created attachment 39767 --> https://bz.apache.org/bugzilla/attachment.cgi?id=39767&action=edit https://www.ninjaiptv.fr -- You are receiving this mail because: You are the assignee for the bug. --

Security mechanisms to counter spam

2024-06-07 Thread Dimitris Soumis
Hi All, Due to the surge in spam BZs today, I propose implementing a security mechanism to counter this issue and prevent further disruption to the mailing list. A potential solution could include a honeypot to identify and block bots, as well as a reCaptcha to verify users. Additionally, should

Re: Notes from Tomcat security day

2024-06-07 Thread Coty Sutherland
Looks like a very productive day! Thanks for sharing the notes, Mark. On Friday, June 7, 2024, Mark Thomas wrote: > Hi all, > > I have added the notes from yesterday's security day to the wiki. > > https://cwiki.apache.org/confluence/display/TOMCAT/Security+Day+EU+2024 > > We discussed lots of th

Re: [PROPOSAL] Tomcat 10: Remove Server-Side Includes (SSI)

2024-06-07 Thread Michael Osipov
On 2024/06/07 08:05:34 Mark Thomas wrote: > On 06/06/2024 16:30, Christopher Schultz wrote: > > All, > > > > Resurrecting this thread from 2019. > > > > I'd like to remove the SSI configuration from conf/web.xml and put it > > into webapps/docs/ssi-howto.html. > > > > Are there any objections?

Re: [PROPOSAL] Enable SecureLifecycleListener by default

2024-06-07 Thread Christopher Schultz
Konstantin, On 6/6/24 12:01, Konstantin Kolinko wrote: Thu, 6 Jun 2024 at 17:46, Christopher Schultz : All, I'd like to remove the around the SecureLifecycleListener in conf/server.xml that we bundle with Tomcat distributions. Before I do so, are there any objections to making this change

Re: [PROPOSAL] Enable SecureLifecycleListener by default

2024-06-07 Thread Christopher Schultz
Coty, On 6/6/24 11:34, Coty Sutherland wrote: On Thu, Jun 6, 2024 at 10:46 AM Christopher Schultz < ch...@christopherschultz.net> wrote: All, I'd like to remove the around the SecureLifecycleListener in conf/server.xml that we bundle with Tomcat distributions. Before I do so, are there any

Re: [PROPOSAL] Remove JSP file from ROOT web application

2024-06-07 Thread Christopher Schultz
Konstantin, On 6/6/24 11:26, Konstantin Kolinko wrote: Thu, 6 Jun 2024 at 17:44, Christopher Schultz : All, I'd like to change the existing webapps/ROOT/index.jsp to index.html and remove the dynamic elements. Currently, the only truly dynamic element in the whole file is this: " Copyright

Re: [PROPOSAL] Tomcat 10: Remove Server-Side Includes (SSI)

2024-06-07 Thread Christopher Schultz
Michael, On 6/7/24 08:01, Michael Osipov wrote: On 2024/06/07 08:05:34 Mark Thomas wrote: On 06/06/2024 16:30, Christopher Schultz wrote: All, Resurrecting this thread from 2019. I'd like to remove the SSI configuration from conf/web.xml and put it into webapps/docs/ssi-howto.html. Are ther

[Bug 69124] SPAM SPAM SPAM SPAM

2024-06-07 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=69124 Chuck Caldarale changed: What|Removed |Added Summary|https://www.ninjaiptv.fr|SPAM SPAM SPAM SPAM Resoluti

Re: [PROPOSAL] Remove JSP file from ROOT web application

2024-06-07 Thread Coty Sutherland
On Fri, Jun 7, 2024 at 8:52 AM Christopher Schultz < ch...@christopherschultz.net> wrote: > Konstantin, > > On 6/6/24 11:26, Konstantin Kolinko wrote: > > Thu, 6 Jun 2024 at 17:44, Christopher Schultz < > ch...@christopherschultz.net>: > >> > >> All, > >> > >> I'd like to change the existing web

Re: [PROPOSAL] Remove JSP file from ROOT web application

2024-06-07 Thread Felix Schumacher
On 6 June 2024 17:26:27 CEST, Konstantin Kolinko wrote: >Thu, 6 Jun 2024 at 17:44, Christopher Schultz : >> >> All, >> >> I'd like to change the existing webapps/ROOT/index.jsp to index.html and >> remove the dynamic elements. Currently, the only truly dynamic element >> in the whole file

Re: [PROPOSAL] Remove JSP file from ROOT web application

2024-06-07 Thread Raymond Augé
My 2c. I think a new static page could easily make it clear what happened without too much discomfort. "Welcome to the NEW Apache Tomcat static landing page (replace this webapp with your own... the old one, if deployed, is probably [here](/quickstart))" etc. etc. I would think that in a large

Re: [PROPOSAL] Tomcat 10: Remove Server-Side Includes (SSI)

2024-06-07 Thread Michael Osipov
On 2024/06/07 12:54:44 Christopher Schultz wrote: > Michael, > > On 6/7/24 08:01, Michael Osipov wrote: > > On 2024/06/07 08:05:34 Mark Thomas wrote: > >> On 06/06/2024 16:30, Christopher Schultz wrote: > >>> All, > >>> > >>> Resurrecting this thread from 2019. > >>> > >>> I'd like to remove the

Re: [PROPOSAL] Enable SecureLifecycleListener by default

2024-06-07 Thread Tim Funk
Somewhat related and tangential to the other conversations Is it worth introducing a system property like "-Dtomcat.security.harden=true". (Personally not sold yet on the idea) Then when set to true ... - It can go nuts with additional SecureLifecycleListener checks - It can disable all OOTB

Re: [PROPOSAL] Enable SecureLifecycleListener by default

2024-06-07 Thread Coty Sutherland
On Fri, Jun 7, 2024 at 10:33 AM Tim Funk wrote: > Somewhat related and tangential to the other conversations > > Is it worth introducing a system property like > "-Dtomcat.security.harden=true". (Personally not sold yet on the idea) > I think I'm +0 on this. Implementing something like this

[Bug 69125] New: Century Silicon City

2024-06-07 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=69125 Bug ID: 69125 Summary: Century Silicon City Product: Tomcat Native Version: 2.0.5 Hardware: PC Status: NEW Severity: normal Priority: P2 Component: L

[Bug 69125] Century Silicon City

2024-06-07 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=69125 Century Silicon City changed: What|Removed |Added URL||https://www.centurysiliconc

[Bug 69125] Century Silicon City

2024-06-07 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=69125 Coty Sutherland changed: What|Removed |Added URL|https://www.centurysiliconc | |ity.in/

[Bug 69125] SPAM SPAM SPAM SPAM

2024-06-07 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=69125 Chuck Caldarale changed: What|Removed |Added Summary|Century Silicon City|SPAM SPAM SPAM SPAM -- You are rece

[Bug 69125] Century Silicon City

2024-06-07 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=69125 Century Silicon City changed: What|Removed |Added Summary|SPAM SPAM SPAM SPAM |Century Silicon City

[Bug 69125] Century Silicon City

2024-06-07 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=69125 Coty Sutherland changed: What|Removed |Added URL|https://www.centurysiliconc | |ity.in/

[Bug 69125] SPAM SPAM SPAM SPAM

2024-06-07 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=69125 Chuck Caldarale changed: What|Removed |Added Summary|Century Silicon City|SPAM SPAM SPAM SPAM -- You are rece