Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/07/24 21:13:23 UTC
[tomcat] 02/08: Security hardening. Limit JPDA to localhost by
default.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 6000b7b1413b48af4c9aa55eb351fe52f661ce73
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Jul 24 18:04:25 2019 +0100
Security hardening. Limit JPDA to localhost by default.
---
bin/catalina.bat | 4 ++--
bin/catalina.sh | 4 ++--
webapps/docs/changelog.xml | 8 ++++++++
3 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/bin/catalina.bat b/bin/catalina.bat
index a47def9..740ee03 100755
--- a/bin/catalina.bat
+++ b/bin/catalina.bat
@@ -74,7 +74,7 @@ rem JPDA_TRANSPORT (Optional) JPDA transport used when the "jpda start"
rem command is executed. The default is "dt_socket".
rem
rem JPDA_ADDRESS (Optional) Java runtime options used when the "jpda start"
-rem command is executed. The default is 8000.
+rem command is executed. The default is localhost:8000.
rem
rem JPDA_SUSPEND (Optional) Java runtime options used when the "jpda start"
rem command is executed. Specifies whether JVM should suspend
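Review bot: The JPDA_ADDRESS help text now gives the default as `localhost:8000`, but it still calls the value "Java runtime options" and never says it is a `host:port` listen address or what omitting the host means. The debug interface has no authentication of its own, so anyone overriding this variable needs to know which interfaces the value exposes. I would add a line after the default such as `rem A bare port may listen on all interfaces, depending on the Java version.` The same gap is in the matching comment hunk of bin/catalina.sh. The comment block starts and ends outside this hunk.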
@@ -245,7 +245,7 @@ if not "%JPDA_TRANSPORT%" == "" goto gotJpdaTransport
set JPDA_TRANSPORT=dt_socket
:gotJpdaTransport
if not "%JPDA_ADDRESS%" == "" goto gotJpdaAddress
-set JPDA_ADDRESS=8000
+set JPDA_ADDRESS=localhost:8000
:gotJpdaAddress
if not "%JPDA_SUSPEND%" == "" goto gotJpdaSuspend
set JPDA_SUSPEND=n
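Review bot: The new default is reached only when JPDA_ADDRESS is empty, so an installation that already sets it to a bare port such as `8000` jumps straight to `:gotJpdaAddress` and keeps its previous bind behaviour after upgrading. That matches "by default" in the commit title, but it is easy to miss when reading the script. A comment above the assignment would make it explicit, for example `rem Default only: an explicitly set JPDA_ADDRESS is used unchanged, including a bare port.` The `[ -z "$JPDA_ADDRESS" ]` branch in bin/catalina.sh behaves the same way. Both fragments sit inside longer blocks that continue outside the hunks.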
diff --git a/bin/catalina.sh b/bin/catalina.sh
index 0d01c6c..1470fd1 100755
--- a/bin/catalina.sh
+++ b/bin/catalina.sh
@@ -69,7 +69,7 @@
# command is executed. The default is "dt_socket".
#
# JPDA_ADDRESS (Optional) Java runtime options used when the "jpda start"
-# command is executed. The default is 8000.
+# command is executed. The default is localhost:8000.
#
# JPDA_SUSPEND (Optional) Java runtime options used when the "jpda start"
# command is executed. Specifies whether JVM should suspend
@@ -303,7 +303,7 @@ if [ "$1" = "jpda" ] ; then
JPDA_TRANSPORT="dt_socket"
fi
if [ -z "$JPDA_ADDRESS" ]; then
- JPDA_ADDRESS="8000"
+ JPDA_ADDRESS="localhost:8000"
fi
if [ -z "$JPDA_SUSPEND" ]; then
JPDA_SUSPEND="n"
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index a262706..c6e7d52 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -68,6 +68,14 @@
</fix>
</changelog>
</subsection>
+ <subsection name="Other">
+ <changelog>
+ <add>
+ Limit the default JPDA (remote debugging interface) listen address to
+ <code>localhost:8000</code>. (markt)
+ </add>
+ </changelog>
+ </subsection>
</section>
<section name="Tomcat 7.0.96 (violetagg)">
<subsection name="Catalina">