Enable Tomcat's HttpHeaderSecurityFilter #20058
Labels
Changelog: Skip
Not customer facing and never seen by customers issues
Merged
OKR : Security & Privacy
Owned by Mehdi
QA : Approved
QA : Passed Internal
Release : 5.3.8.6
Included in LTS patch release 5.3.8.6
Release : 21.03
Type : Enhancement
Comments
wezell added a commit that referenced this issue Mar 8, 2021
This was linked to pull requests Mar 8, 2021
dsilvam pushed a commit that referenced this issue Mar 9, 2021
Security headers are found:
Fixed, tested on release 21.03 // Postgres // FF
dsilvam pushed a commit that referenced this issue Mar 16, 2021
dsilvam added a commit that referenced this issue Mar 18, 2021
* Fixing Task201014UpdateColumnsValueInIdentifierTableTest (#20026)
* Fixing test
* run-all
* Refactoring validations after code review suggestion
* run-all
Co-authored-by: Nollymar Longa <>
* Updating core-web version
* new core-web artifact
* 19992 rebuild es client on illegal state exception (#20014)
* #1992 Rebuild REST High Level Client if Reactor stopped
* #1992 remove not-needed code
* #1992 remove not-needed code
* #19992 Default impl for rebuildClient. Move rebuilding to separate catch
* #19992 Rebuild client on IllegalState Reactor wrapped and unwrapped
* #19992 null-check
Co-authored-by: Daniel Silva <daniel.silva@dotcms.com>
* Update coreWebReleaseVersion
* Issue 20038 samesite strict (#20051)
* #20038 redirect using html form
* #20038 html based redirect
* Updating starter version to 20210305
* new core-web version
* Update coreWebReleaseVersion
* #19772 Avoid Login when a logout request is sent (#20037)
* #19772 Avoid Login when a logout request is sent
* #19772 Add test to the MainSuite
* #20058 turn on security options (#20061)
* Upgrade saml to 21.03 (#20070)
* #20063 sending cookies httponly and secure (#20065)
* Issue 19934 adding folder to root throws a jsp error (#20073)
* If folder is newly not show the permission tab
* #19934 Format
* Fix tests oracle (#20054)
* Fix ContentletWebAPIImplIntegrationTest
* replace null with empty string
* Remove extra folder extension
* run-all
* Upgrade saml 21.03 (#20076)
* Upgrade saml to 21.03
* upgrade saml to 21.03.1
* Change order of Mapping test. Decrease time in other tests. Move IT t… (#20072)
* Change order of Mapping test. Decrease time in other tests. Move IT to Unit
* Attempt removing getting-started-layout by id and name
* Missing changes
* #19683 Create endpoint to get the create content url
* Fixing test (#20086)
* Fixing test
* Fixing test
* Update .gitmodules
* Find getting started layout by name instead of id (#20092)
* Changing the logic to get the Getting Starter portlet layout. Now, it searches by name instead of id
* Updating starter version
Co-authored-by: Nollymar Longa <>
* Update image api url in gs portlet
* Issue 20098 send page mimetype if is page (#20099)
* #20058 turn on security options
* #20098 this sets the mime type to a page if the url is a page in dotCMS
* Remove same height container fix
* Update .gitmodules
* Update gradle.properties
* Update gradle.properties
Co-authored-by: Nollymar Longa <nollymar.longa@dotcms.com>
Co-authored-by: Nollymar Longa <>
Co-authored-by: Will Ezell <will@dotcms.com>
Co-authored-by: Freddy Montes <freddymontes@gmail.com>
Co-authored-by: dotcmsbuild <dotcmsbuild@dotcms.com>
Co-authored-by: Freddy Rodriguez <freddy0309@gmail.com>
Co-authored-by: Jonathan <jonathan.sanchez@dotcms.com>
Co-authored-by: erickgonzalez <erick.gonzalez@dotcms.com>
jcastro-dotcms added a commit that referenced this issue Jul 12, 2021
jcastro-dotcms added the LTS : Next (Ticket that will be added to LTS) and Severity : Support Requested labels Jul 15, 2021
jcastro-dotcms added a commit that referenced this issue Aug 22, 2021
jcastro-dotcms added the LTS: Released and Release : 5.3.8.6 (Included in LTS patch release 5.3.8.6) labels and removed the LTS : Next (Ticket that will be added to LTS) label Aug 22, 2021
rweiner added the Changelog: Skip (Not customer facing and never seen by customers issues) label Oct 1, 2021
Tomcat ships with a filter that will add security-related headers to a Tomcat installation. Now that we ship with SSL on by default (https://local.dotcms.site:8443), we should also turn on this filter as well. I believe our OTB settings should be something like:
https://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#HTTP_Header_Security_Filter
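
What enabling the filter looks like in a Tomcat 9 `web.xml`, as an added example: this is not the configuration proposed in the issue or committed to dotCMS, and the parameter values (one-year HSTS max-age, SAMEORIGIN framing, the `/*` mapping) are assumptions. The filter class and init-param names are the ones documented at the link above.

```xml
<!-- Added example; values are assumptions, not the dotCMS defaults. -->
<filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <async-supported>true</async-supported>

    <!-- Strict-Transport-Security. hstsMaxAgeSeconds defaults to 0,
         so the header pins nothing unless a max-age is set explicitly. -->
    <init-param>
        <param-name>hstsEnabled</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <param-name>hstsMaxAgeSeconds</param-name>
        <param-value>31536000</param-value>
    </init-param>
    <init-param>
        <param-name>hstsIncludeSubDomains</param-name>
        <param-value>false</param-value>
    </init-param>

    <!-- X-Frame-Options. The filter default is DENY; SAMEORIGIN still
         allows framing by pages served from the same origin. -->
    <init-param>
        <param-name>antiClickJackingEnabled</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <param-name>antiClickJackingOption</param-name>
        <param-value>SAMEORIGIN</param-value>
    </init-param>

    <!-- X-Content-Type-Options: nosniff -->
    <init-param>
        <param-name>blockContentTypeSniffingEnabled</param-name>
        <param-value>true</param-value>
    </init-param>
    <!-- X-XSS-Protection: 1; mode=block -->
    <init-param>
        <param-name>xssProtectionEnabled</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>
```

The filter adds `Strict-Transport-Security` only to responses for requests Tomcat considers secure, so behind a TLS-terminating proxy the connector has to report the request as secure for the header to appear.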