On 24/06/2025 14:28, Hrvoje Lončar wrote:
Thanks!
50 as default would be much better and I guess it will cover most
cases.
Just out of curiosity, does having CSRF protection implemented help with the attack
or does it not matter?
On its own, CSRF protection won't help you here.
However, CSRF prot
Thanks!
50 as default would be much better and I guess it will cover most
cases.
Just out of curiosity, does having CSRF protection implemented help with the attack
or does it not matter?
On Mon, 23 Jun 2025, 09:02 Mark Thomas, wrote:
> On 23/06/2025 01:17, Hrvoje Lončar wrote:
> > If someone else
On 23/06/2025 01:17, Hrvoje Lončar wrote:
If someone else has a problem with latest "security fix",
here is a working solution to run your Spring Boot app directly from
Eclipse STS
without installing a Tomcat and deploying to it.
Now you can submit forms the same way as you did before.
You can fi
If someone else has a problem with latest "security fix",
here is a working solution to run your Spring Boot app directly from
Eclipse STS
without installing a Tomcat and deploying to it.
Now you can submit forms the same way as you did before.
You can filter out my fix from production environment
The actual problem now is my embedded Tomcat when I start my Spring Boot
app from Eclipse STS:
I get the same error, but I don't know where to configure Tomcat and where
to add this new parameter.
Anyone?
On Fri, Jun 20, 2025 at 1:28 PM Maxim Solodovnik
wrote:
> from mobile (sorry for typos ;)
>
from mobile (sorry for typos ;)
On Fri, Jun 20, 2025, 18:16 Hrvoje Lončar wrote:
> Well, I should say it was a weird way to fix it.
>
> For example, if you don't have a DoS attack
AFAIK defaults should be set to the values preventing DoS
Waiting for the DoS is not a good idea :)
and you upg
Well, I should say it was a weird way to fix it.
For example, if you don't have a DoS attack and you upgrade your Tomcat,
that would be a big surprise as it was to me.
Lucky me I have nice users that contacted me and told me some features of
my web app stopped working.
Moving to next minor release
On 20/06/2025 11:54, Hrvoje Lončar wrote:
Thank you very much
Mark Thomas
That was the case :(
Absolutely weird to make such a major change in a minor release from
NN.MM.39 to NN.MM.42
It was a response to a DoS security vulnerability.
Feel free to add your views on what the defaults should be
Thank you very much
Mark Thomas
That was the case :(
Absolutely weird to make such a major change in a minor release from
NN.MM.39 to NN.MM.42
On Fri, Jun 20, 2025 at 10:01 AM Mark Thomas wrote:
> On 20/06/2025 02:07, Hrvoje Lončar wrote:
> > Hi!
> >
> > Hope it's the right place to ask for hel
On 20/06/2025 02:07, Hrvoje Lončar wrote:
Hi!
Hope it's the right place to ask for help or/and advice.
Few days ago I switched to latest Tomcat 10.1.42.
After deploy, POST is not working due to missing CSRF token.
When I inspect HTTP request, CSRF token is in a payload as "_csrf" and the
value i
Hi!
Hope it's the right place to ask for help or/and advice.
Few days ago I switched to latest Tomcat 10.1.42.
After deploy, POST is not working due to missing CSRF token.
When I inspect HTTP request, CSRF token is in a payload as "_csrf" and the
value is correct.
But at the backend side I get
*