[mod_cluster-issues] [JBoss JIRA] (MODCLUSTER-714) support secret="secret" in AJP nodes

support secret="secret" in AJP nodes ------------------------------------ Key: MODCLUSTER-714 URL: https://issues.redhat.com/browse/MODCLUSTER-714 Project: mod_cluster Issue Type: Bug Components: Native (httpd modules) Reporter: Jean-Frederic Clere Assignee: Jean-Frederic Clere Priority: Major Fix For: 2.0.0.Alpha1 The CVE-2020-1938 "mitigation" forces the use of a secret between httpd and the back-end. <Connector port = "8009" protocol = "AJP / 1.3" redirectPort = "8443" address = "YOUR_TOMCAT_IP_ADDRESS" requiredSecret = "YOUR_TOMCAT_AJP_SECRET" /> Actually secret="secret" is support in mod_proxy_ajp but not in mod_cluster. That prevents use using the mitigation.