[Progress Communities] [Progress OpenEdge ABL] Forum Post: IMPORTANT - PASOE customers who use the Apache AJP Connector

Status
Not open for further replies.

David Cleary

Guest
For added convenience Progress Application Server (PAS) for OpenEdge includes Apache Tomcat AJP connector. A serious vulnerability has recently been discovered and published by the security community about this third-party component:

• NVD - CVE-2020-1938

In order to address this vulnerability Apache Tomcat project made a breaking change that requires customers to regenerate their instances and reconfigure the AJP connector. The Apache Tomcat community is also discussing deprecating the AJP in future versions of Tomcat due to the other options available today to connect front end Web Servers to Tomcat.

In determining how best to address this issue for our customers, it is important for us to understand how many customers are using AJP today and with what other components. If you are using AJP, please respond to this and provide:

1. What third party product you are using it with
2. If you have evaluated any alternatives to AJP13 and the results of that evaluation.
3. If you use AJP13 and have not considered alternatives, would you now be inclined to do so given its possible deprecation?

If you prefer to talk to us directly please let us know as well and we will try to reach you separately.

Thank you for your help,
Progress OpenEdge Product Team
