Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bind to localhost instead of 0.0.0.0 #381

Closed
wants to merge 21 commits into from
Closed

Conversation

timyates
Copy link
Contributor

@timyates timyates commented Jan 17, 2023

Previously, the servlet container was bound to all interfaces on 0.0.0.0

This change switches to bind to localhost by default as we dso with the Netty server

As it's a change in functionality, it's a change for 4.0.0 to be included in Micronaut 4

Closes #377

Builds on #379 which merges the TCK in to master

sdelamo and others added 19 commits October 27, 2022 19:18
* Fix Servlet binding for Publisher types

Backport of #373 to 3.3.x

* No Graal 11 dev anymore

* Fix

* Add token
Backports fixes added in #364
* test: HTTP Server TCK for tomcat, jetty and undertow

* apply new HTTP Server TCK

* ci: projectVersion 3.5.0-SNAPSHOT [ci skip]

* ci: githubCoreBranch 3.9.x [ci skip]

* bump up Micronaut Gradle Plugin to 3.6.7

* simplify build

* compatibility with Java 8

* build: update to MN 3.8.0

* build: update to MN Test 3.8.0

* test: update SSL tests

Backports fixes added in #364

* source compatibility 1.8

* exclude RemoteAddressTest

test is failing with: org.opentest4j.AssertionFailedError: expected: <127.0.0.1> but was: <10.1.0.227>
Previously, the servlet container was bound to all interfaces on 0.0.0.0

This change switches to bind to localhost by default as we dso with the Netty server

As it's a change in functionality, it's a change for 4.0.0 to be included in Micronaut 4
@timyates timyates added this to the 4.0.0 milestone Jan 17, 2023
@timyates timyates self-assigned this Jan 17, 2023
@timyates
Copy link
Contributor Author

As this is a security fix, I have backported it to 3.3.x here #383

@timyates timyates linked an issue Jan 18, 2023 that may be closed by this pull request
Base automatically changed from mergeup3.4.x to master January 19, 2023 11:38
@sdelamo
Copy link
Contributor

sdelamo commented Jan 19, 2023

Can we close this since we will merge up #383 ?

@timyates
Copy link
Contributor Author

Yes 👍

@timyates timyates closed this Jan 20, 2023
@timyates timyates deleted the bind-to-localhost branch January 20, 2023 09:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
No open projects
Status: Done
Status: Done
Development

Successfully merging this pull request may close these issues.

Investigate why HTTP Server TCK CorsSimpleRequestTest fails
3 participants