This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push: new 8b29822b21 Fix BZ 66429 - limit docs and examples to localhost by default 8b29822b21 is described below commit 8b29822b218c67e3b02a350a0a44f3b8d043ea9d Author: Mark Thomas <ma...@apache.org> AuthorDate: Wed Feb 15 19:13:28 2023 +0000 Fix BZ 66429 - limit docs and examples to localhost by default --- webapps/docs/META-INF/context.xml | 5 ++++- webapps/docs/changelog.xml | 12 ++++++++++++ webapps/examples/META-INF/context.xml | 2 ++ 3 files changed, 18 insertions(+), 1 deletion(-) diff --git a/webapps/docs/META-INF/context.xml b/webapps/docs/META-INF/context.xml index b605411ce6..ce7bd255d6 100644 --- a/webapps/docs/META-INF/context.xml +++ b/webapps/docs/META-INF/context.xml @@ -15,4 +15,7 @@ See the License for the specific language governing permissions and limitations under the License. --> -<Context antiResourceLocking="false" ignoreAnnotations="true"/> +<Context antiResourceLocking="false" ignoreAnnotations="true"> + <Valve className="org.apache.catalina.valves.RemoteAddrValve" + allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> +</Context> diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 85ef784377..145fdaa5ad 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -224,6 +224,18 @@ </fix> </changelog> </subsection> + <subsection name="Web applications"> + <changelog> + <fix> + <bug>66429</bug>: Documentation. Limit access to the documentation web + application to localhost by default. (markt) + </fix> + <fix> + <bug>66429</bug>: Examples. Limit access to the exmaples web application + to localhost by default. (markt) + </fix> + </changelog> + </subsection> <subsection name="Other"> <changelog> <update> diff --git a/webapps/examples/META-INF/context.xml b/webapps/examples/META-INF/context.xml index 31e7fb601e..611394516d 100644 --- a/webapps/examples/META-INF/context.xml +++ b/webapps/examples/META-INF/context.xml @@ -18,4 +18,6 @@ <Context ignoreAnnotations="true"> <CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor" sameSiteCookies="strict" /> + <Valve className="org.apache.catalina.valves.RemoteAddrValve" + allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> </Context> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org