0006576: Disallow HTTP methods not needed for data sync - SymmetricDS

ID	Project	Category	View Status	Date Submitted	Last Update

0006576	SymmetricDS	Improvement	public	2024-09-06 21:26	2024-09-06 22:00

Reporter	elong	Assigned To	elong
Priority	normal
Status	closed	Resolution	fixed
Product Version	3.15.0
Target Version	3.15.9	Fixed in Version	3.15.9

Summary	0006576: Disallow HTTP methods not needed for data sync
Description	Disallow HTTP methods not needed for data sync that are showing up on security scans of the embedded Jetty web server. Block use of OPTIONS, TRACE, TRACK, and DELETE.
Tags	security

Date Modified	Username	Field	Change
2024-09-06 21:26	elong	New Issue
2024-09-06 21:26	elong	Status	new => assigned
2024-09-06 21:26	elong	Assigned To	=> elong
2024-09-06 21:26	elong	Tag Attached: security
2024-09-06 21:27	elong	Status	assigned => resolved
2024-09-06 21:27	elong	Resolution	open => fixed
2024-09-06 21:27	elong	Fixed in Version	=> 3.15.9
2024-09-06 22:00	admin	Changeset attached	=> SymmetricDS 3.15 93b34baa
2024-10-01 19:48	admin	Status	resolved => closed

SymmetricDS: 3.15 93b34baa 2024-09-06 21:27:06 admin Details Diff	0006576: Disallow HTTP methods not needed for data sync		Affected Issues 0006576
	mod - symmetric-server/src/main/deploy/conf/sym_service.conf		Diff File