Hi Datafarians,
A recently discovered vulnerability on several Apache Tomcat versions may be affecting your Datafari CE installs. You have two ways to mitigate it:
Option 1: Remove your current install (or manually migrate, but this depends on your version and what you have done on it) and use the latest Datafari CE release, namely 4.4.1 that includes the fix
Option 2: Apply yourself the fix on your own install, since it is fairly easy.
In case you prefer option 2: Here is what you need to modify:
Go to datafari-tomcat-mcf/conf/server.xml and replace this line:
- <Connector port="@AJP_PORT@" protocol="AJP/1.3" redirectPort="@SSL_PORT@" />
- with the following:
- <!-- <Connector port="@AJP_PORT@" protocol="AJP/1.3" redirectPort="@SSL_PORT@" /> -->
Go to datafari-tomcat/conf/server.xml and replace this line:
- <Connector port="@AJP_PORT@" protocol="AJP/1.3" redirectPort="@SSL_PORT@" />
- with the following:
- <!-- <Connector port="@AJP_PORT@" protocol="AJP/1.3" redirectPort="@SSL_PORT@" /> -->
And with this you are done !
Regards,
Cedric