https://issues.apache.org/bugzilla/show_bug.cgi?id=55372
Bug ID: 55372 Summary: Bind JPDA_ADDRESS by default to lcaolhost Product: Tomcat 8 Version: 8.0.0-RC1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: 1983-01...@gmx.net The default setting of JPDA_ADDRESS=8000 poses some security risk. In many corporate environments daily or weekly security scans are normal. People, like me, sometimes forget to shutdown Tomcat in debug mode. Port 8000 is open to anyone. Default JPDA_ADDRESS should be changed to localhost:8000 to minimize security scan reports and possible VM hijacks. Since this is a breaking change, this can be done for Tomcat 8. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org