diff --git a/change-defaults-for-CVE-2020-1938.patch b/change-defaults-for-CVE-2020-1938.patch
index 03207b1..a7f7c49 100644
--- a/change-defaults-for-CVE-2020-1938.patch
+++ b/change-defaults-for-CVE-2020-1938.patch
@@ -1,6 +1,6 @@
diff -up ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java.orig ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java
---- ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java.orig 2020-03-12 13:33:31.792406379 -0400
-+++ ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java 2020-03-12 13:35:24.222117728 -0400
+--- ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java.orig 2020-04-22 15:31:12.889587528 -0400
++++ ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java 2020-04-22 15:31:37.907534419 -0400
@@ -16,7 +16,6 @@
*/
package org.apache.coyote.ajp;
@@ -28,9 +28,9 @@ diff -up ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java.orig ./java/org/a
this.secretRequired = secretRequired;
}
diff -up ./webapps/docs/changelog.xml.orig ./webapps/docs/changelog.xml
---- ./webapps/docs/changelog.xml.orig 2020-03-12 13:33:54.354348454 -0400
-+++ ./webapps/docs/changelog.xml 2020-03-12 13:37:17.041828075 -0400
-@@ -178,14 +178,10 @@
+--- ./webapps/docs/changelog.xml.orig 2020-04-03 08:12:03.000000000 -0400
++++ ./webapps/docs/changelog.xml 2020-04-22 15:31:37.911534411 -0400
+@@ -526,14 +526,10 @@
Disable (comment out in server.xml) the AJP/1.3 connector by default.
(markt)
@@ -47,26 +47,25 @@ diff -up ./webapps/docs/changelog.xml.orig ./webapps/docs/changelog.xml
will not start unless the For servers with more than one IP address, this attribute
- specifies which address will be used for listening on the specified
-- port. By default, the loopback address will be used.secret
attribute is configured to
a non-null, non-zero length String. (markt)
diff -up ./webapps/docs/config/ajp.xml.orig ./webapps/docs/config/ajp.xml
---- ./webapps/docs/config/ajp.xml.orig 2020-03-12 13:34:10.383307302 -0400
-+++ ./webapps/docs/config/ajp.xml 2020-03-12 13:36:17.617980639 -0400
-@@ -315,7 +315,10 @@
+--- ./webapps/docs/config/ajp.xml.orig 2020-04-22 15:31:37.913534406 -0400
++++ ./webapps/docs/config/ajp.xml 2020-04-22 15:35:35.003031090 -0400
+@@ -327,7 +327,9 @@
127.0.0.1
-+ indicates that the Connector will only listen on the loopback
-+ interface.
For servers with more than one IP address, this attribute specifies
+ which address will be used for listening on the specified port. By
+- default, the connector will listen on the loopback address. Unless the JVM
++ default, this port will be used on all IP addresses associated with the
++ server. A value of 127.0.0.1
indicates that the Connector
++ will only listen on the loopback interface.
0.0.0.0
or ::
. The APR/native
+@@ -500,7 +502,7 @@
+ the secret attribute is required to be specified for the
+ AJP Connector to start. It does not control whether
+ workers are required to provide the secret. The default value is
+- true
. This attribute should only be set to false
++ false
. This attribute should only be set to false
+ when the Connector is used on a trusted network.
- If this attribute is true
, the AJP Connector will only
- start if the secret attribute is configured with a
-- non-null, non-zero length value. The default value is true
.
-+ non-null, non-zero length value. The default value is false
.
- This attributue should only be set to false
when the
- Connector is used on a trusted network.