You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cloudstack.apache.org by GitBox <gi...@apache.org> on 2021/02/05 22:26:13 UTC

[GitHub] [cloudstack] dingelish commented on issue #4590: Customized HostnameVerifier bypasses the hostname verification

dingelish commented on issue #4590:
URL: https://github.com/apache/cloudstack/issues/4590#issuecomment-774321502


   occasionally run into this issue. i'll strongly recommend at least "alert" by printing on stderr about the usage of "insecure by default implementations". recently lots of attackers are looking into such "default flaws" in famous/wide adopted frameworks, and then use some tools like "zoomeye" to find vulnerable "default"-configured instances. i'd say as Apache project maintainers/developers, we all want to make our projects trustworthy. how do you think? @DaanHoogland 


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org