[39.x] [WFLY-20765] [CVE-2025-23368] Documentation for the new WildFly Elytron Brute Force Protection implementation. #19583
…ection utility. This is being enabled by default but can be customised by administrators.
Also add mention of the caching, distributed, and failover realms to the documentation.
… for failed authentication tracking.
Looks like this was missing 39.x label, added now.
We generally don't republish docs for micros. I think it's ok to do it but let's just republish the one html file this impacts and nothing else.
I will handle this. Agreed on the procedure.
rhusar left a comment
2 minor grammar issues, otherwise LGTM
| once the `max-cached-sessions` limit is reached the least recently used session will be | ||
| discarded to make room for a new session. If eviction does occur due to the cache limit | ||
| being reached a WARN message will be logged indicating this has occurred. To avoid spamming | ||
| the logs this message will be logged no more that once every 15 minutes for each realm. |
| the logs this message will be logged no more that once every 15 minutes for each realm. | |
| the logs this message will be logged no more than once every 15 minutes for each realm. |
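Review bot: The eviction sentence ("the least recently used session will be discarded to make room for a new session") does not say what discarding means for the identity that session tracked. If the failed-attempt state is lost with the session, state that here and advise sizing `max-cached-sessions` above the number of identities expected to be failing authentication at the same time. Because the WARN is limited to once every 15 minutes for each realm, it also will not show how many sessions were evicted in between, which is worth a sentence for anyone alerting on it. A comma after "being reached" and after "To avoid spamming the logs" would help readability.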
| multiple realms applying the protection at once. | ||
|
|
||
| During authentication attempts as this utility realm wraps the underlying realm | ||
| it will check if a session already exists |
| it will check if a session already exists | |
| it will check if a session already exists that is |
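Review bot: In "During authentication attempts as this utility realm wraps the underlying realm it will check if a session already exists" the subordinate clause runs straight into the main clause and is hard to parse. Consider "Because this utility realm wraps the underlying realm, on each authentication attempt it will check if a session already exists ..." and keep the rest of the sentence as written.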
+1 I added this PR as the feature will be in the code but not assuming we need to publish it. If that decision ever changes it would already be in the codebase.
n.b. this is docs only change. no code/pom changes.
Requires: wildfly/wildfly-core#6635
Upstream PR: #19582
https://issues.redhat.com/browse/WFLY-20765