freeipa/ipaserver/install/server
Alexander Bokovoy ec73de969f Secure AJP connector between Dogtag and Apache proxy
AJP implementation in Tomcat is vulnerable to CVE-2020-1938 if used
without shared secret. Set up a shared secret between localhost
connector and Apache mod_proxy_ajp pass-through.

For existing secured AJP pass-through make sure the option used for
configuration on the Tomcat side is up to date. Tomcat 9.0.31.0
deprecated 'requiredSecret' option name in favor of 'secret'. Details
can be found at https://tomcat.apache.org/migration-9.html#Upgrading_9.0.x

Fixes: https://pagure.io/freeipa/issue/8221

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2020-03-11 17:41:17 +01:00
__init__.py DNS install check: allow overlapping zone to be from the master itself 2019-12-12 18:24:44 +01:00
install.py adtrust: print DNS records for external DNS case after role is enabled 2020-02-13 21:20:13 +02:00
replicainstall.py adtrust: print DNS records for external DNS case after role is enabled 2020-02-13 21:20:13 +02:00
upgrade.py Secure AJP connector between Dogtag and Apache proxy 2020-03-11 17:41:17 +01:00