View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0002616 | SymmetricDS | Improvement | public | 2016-05-26 13:35 | 2016-06-10 14:22 |
Reporter | mmichalek | Assigned To | mmichalek | ||
Priority | normal | ||||
Status | closed | Resolution | fixed | ||
Product Version | 3.7.33 | ||||
Target Version | 3.7.34 | Fixed in Version | 3.7.34 | ||
Summary | 0002616: Tighten up default Jetty HTTP security settings | ||||
Description | 1. Disallow directory listings from Jetty. 2. Disallow the OPTIONS HTTP method by default. This change allows for 3 new properties in symmetric-server.properties: server.allow.dir.list=true|false, default is false. server.allow.http.methods=a comma delimited list of HTTP methods which are allowed. When specified, methods that are not in this list will be forbidden (HTTP 403). e.g. "GET,POST,HEAD". default is blank. server.disallow.http.methods=a comma delimited list of HTTP methods which are NOT allowed. Any method on this list will always result in HTTP 403. The default value is "OPTIONS". | ||||
Tags | No tags attached. | ||||
SymmetricDS: 3.7 e3a2d9ae 2016-06-02 16:23:09 Details Diff |
0002616: Tighten up default Jetty HTTP security settings |
Affected Issues 0002616 |
|
mod - symmetric-core/src/main/java/org/jumpmind/symmetric/common/ServerConstants.java | Diff File | ||
mod - symmetric-server/src/main/java/org/jumpmind/symmetric/SymmetricWebServer.java | Diff File | ||
add - symmetric-server/src/main/java/org/jumpmind/symmetric/web/HttpMethodFilter.java | Diff File |
Date Modified | Username | Field | Change |
---|---|---|---|
2016-05-26 13:35 | mmichalek | New Issue | |
2016-05-26 13:35 | mmichalek | Status | new => assigned |
2016-05-26 13:35 | mmichalek | Assigned To | => mmichalek |
2016-06-02 20:18 | mmichalek | Description Updated | View Revisions |
2016-06-02 20:32 | mmichalek | Status | assigned => resolved |
2016-06-02 20:32 | mmichalek | Resolution | open => fixed |
2016-06-02 20:32 | mmichalek | Fixed in Version | => 3.7.34 |
2016-06-02 21:00 | mmichalek | Changeset attached | => SymmetricDS 3.7 e3a2d9ae |
2016-06-10 14:22 | elong | Status | resolved => closed |