You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2023/02/15 19:13:49 UTC

[tomcat] branch main updated: Fix BZ 66429 - limit docs and examples to localhost by default

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 8b29822b21 Fix BZ 66429 - limit docs and examples to localhost by default
8b29822b21 is described below

commit 8b29822b218c67e3b02a350a0a44f3b8d043ea9d
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Feb 15 19:13:28 2023 +0000

    Fix BZ 66429 - limit docs and examples to localhost by default
---
 webapps/docs/META-INF/context.xml     |  5 ++++-
 webapps/docs/changelog.xml            | 12 ++++++++++++
 webapps/examples/META-INF/context.xml |  2 ++
 3 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/webapps/docs/META-INF/context.xml b/webapps/docs/META-INF/context.xml
index b605411ce6..ce7bd255d6 100644
--- a/webapps/docs/META-INF/context.xml
+++ b/webapps/docs/META-INF/context.xml
@@ -15,4 +15,7 @@
   See the License for the specific language governing permissions and
   limitations under the License.
 -->
-<Context antiResourceLocking="false" ignoreAnnotations="true"/>
+<Context antiResourceLocking="false" ignoreAnnotations="true">
+  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
+         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
+</Context>
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 85ef784377..145fdaa5ad 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -224,6 +224,18 @@
       </fix>
     </changelog>
   </subsection>
+  <subsection name="Web applications">
+    <changelog>
+      <fix>
+        <bug>66429</bug>: Documentation. Limit access to the documentation web
+        application to localhost by default. (markt)
+      </fix>
+      <fix>
+        <bug>66429</bug>: Examples. Limit access to the exmaples web application
+        to localhost by default. (markt)
+      </fix>
+    </changelog>
+  </subsection>
   <subsection name="Other">
     <changelog>
       <update>
diff --git a/webapps/examples/META-INF/context.xml b/webapps/examples/META-INF/context.xml
index 31e7fb601e..611394516d 100644
--- a/webapps/examples/META-INF/context.xml
+++ b/webapps/examples/META-INF/context.xml
@@ -18,4 +18,6 @@
 <Context ignoreAnnotations="true">
   <CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor"
                    sameSiteCookies="strict" />
+  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
+         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
 </Context>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org