[Bug 62455] CORS filter cors.allowed.origins does not default to "*" anymore

[bu...@apache.org]

https://bz.apache.org/bugzilla/show_bug.cgi?id=62455

--- Comment #1 from Konstantin Kolinko <kn...@gmail.com> ---
Looking at your version number (8.0.32), it is likely that you are using not
the official version of Tomcat from tomcat.apache.org, but a repackaged version
from a Linux vendor.

As the security issue with bug 62343 (CVE-2018-8014) was reported publicly
(instead of proper responsible disclosure route) and as it can be solved by a
simple configuration change and does not need recompilation, it was decided to
announce it earlier than usual without waiting for an official release of a
patched version.  It might be that your Linux vendor have already applied the
security patch and thus your defaults have already changed.

The online copy of documentation will be updated when 8.0.53 (or later) is
officially released. Documentation for current development version is published
by CI server (buildbot) and can be found by following the links here:
http://tomcat.apache.org/ci.html#Documentation_snapshots


See also
http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.53

EOL announcement for Tomcat 8.0
http://tomcat.apache.org/tomcat-80-eol.html

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org