https://nvd.nist.gov/vuln/detail/CVE-2020-1938
-----Original Message----- From: stephane passignat <passig...@hotmail.com> Sent: Sunday, April 12, 2020 4:00 AM To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: Alternatives for AJP Hi Which vulnerability are you mentioning ? Thanks Envoyé par BlueMail Le 10 avr. 2020 à 17:45, à 17:45, David Cleary <da...@progress.com> a écrit: >Some of our customers are currently using the AJP connector. Given the >vulnerability and breaking change to address it, now may be a good time >to prompt them look at alternatives. One requirement is HTTPS support. >What are the alternatives when hosting Tomcat behind Apache httpd, >nginx, or IIS? I do remember a presentation I thought was pretty good >at Apachecon in Miami on connectors a few years ago. Has there been >anything new that has come out since then? Are there any >recommendations on what is best to replace AJP13? > >Thanks >Dave
