Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Using secret attribute in mod_proxy with AJP |
|
| Author |
|
tang_88888
Joined: 10 Jul 2015
Posts: 10
|
 Posted: Mon 09 Mar '20 5:18 Post subject: Using secret attribute in mod_proxy with AJP |
 |
|
In the Apache documentation (https://httpd.apache.org/docs/2.4/mod/mod_proxy_ajp.html), there is a "secret" attribute for the mod_proxy_ajp. But it mentioned it is "Supported since 2.4.42".
As the recent vulnerability (CVE-2020-1938) is about to apply a password between Apache HTTP server and Tomcat server using AJP protocol, are there any official release of Apache 2.4.42 to support the "secret"? |
|
| Back to top |
|
Steffen
Moderator
Joined: 15 Oct 2005
Posts: 3092
Location: Hilversum, NL, EU
|
| Posted: Mon 09 Mar '20 12:20 Post subject: |
|
|
It is expected this month, no day set.
The fix is already accepted to go in 2.4.42 :
mod_proxy_ajp: Add "secret" parameter to proxy workers
to implement legacy AJP13 authentication. The attribute is now suggested/required by tomcat.
Coming day I planned to make a snap 2 available for VS16, see https://www.apachelounge.com/viewtopic.php?t=8441 |
|
| Back to top |
|
bthomas102
Joined: 13 Mar 2020
Posts: 2
Location: India,mumbai
|
| Posted: Thu 26 Mar '20 19:42 Post subject: |
|
|
Hi,
Do we have an update on the release date for 2.4.42 |
|
| Back to top |
|
admin
Site Admin
Joined: 15 Oct 2005
Posts: 692
|
|
| Back to top |
|
bthomas102
Joined: 13 Mar 2020
Posts: 2
Location: India,mumbai
|
| Posted: Wed 01 Apr '20 7:05 Post subject: |
|
|
| just wanted confirmation that the "secret" parameter is part of the 2.4.43 release. |
|
| Back to top |
|
|
|
|
|
|
