You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2023/02/15 19:14:29 UTC

[tomcat] branch 10.1.x updated: Fix BZ 66429 - limit docs and examples to localhost by default

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
     new 15cce3d085 Fix BZ 66429 - limit docs and examples to localhost by default
15cce3d085 is described below

commit 15cce3d0856b544febc0a371e9c127ac9510b488
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Feb 15 19:13:28 2023 +0000

    Fix BZ 66429 - limit docs and examples to localhost by default
---
 webapps/docs/META-INF/context.xml     |  5 ++++-
 webapps/docs/changelog.xml            | 12 ++++++++++++
 webapps/examples/META-INF/context.xml |  2 ++
 3 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/webapps/docs/META-INF/context.xml b/webapps/docs/META-INF/context.xml
index 28ae2ddce0..ae6803be32 100644
--- a/webapps/docs/META-INF/context.xml
+++ b/webapps/docs/META-INF/context.xml
@@ -15,4 +15,7 @@
   See the License for the specific language governing permissions and
   limitations under the License.
 -->
-<Context antiResourceLocking="false" />
+<Context antiResourceLocking="false" >
+  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
+         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
+</Context>
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index d90d0b2489..ddf4189f80 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -183,6 +183,18 @@
       </fix>
     </changelog>
   </subsection>
+  <subsection name="Web applications">
+    <changelog>
+      <fix>
+        <bug>66429</bug>: Documentation. Limit access to the documentation web
+        application to localhost by default. (markt)
+      </fix>
+      <fix>
+        <bug>66429</bug>: Examples. Limit access to the exmaples web application
+        to localhost by default. (markt)
+      </fix>
+    </changelog>
+  </subsection>
   <subsection name="Other">
     <changelog>
       <update>
diff --git a/webapps/examples/META-INF/context.xml b/webapps/examples/META-INF/context.xml
index b6c932da14..2ae7e6682f 100644
--- a/webapps/examples/META-INF/context.xml
+++ b/webapps/examples/META-INF/context.xml
@@ -18,4 +18,6 @@
 <Context>
   <CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor"
                    sameSiteCookies="strict" />
+  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
+         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
 </Context>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org