asciidocfx / AsciidocFX

Asciidoc Editor and Toolchain written with JavaFX 21 (Build PDF, Epub, Mobi and HTML books, documents and slides)
http://www.asciidocfx.com/
Apache License 2.0

AsciidocFX tries to open incoming network connections #238

Open msgilligan opened 8 years ago

msgilligan commented 8 years ago

When I launch AsciidocFX 1.4.7 on OS X I get a message (from the OS X firewall) asking if I want to accept incoming network connections. I don't expect this from a markdown editor application and I don't see anything in the UI or documentation about why it wants to do this. I click Deny and it seems to work fine, but this behavior should be removed or at least documented.

rahmanusta commented 8 years ago

Hi @msgilligan, AsciidocFX has an auto-update feature. I think it is related to that. You can deny it.

msgilligan commented 8 years ago

For auto-update it should open client connections to an update server, not open ports and listen for incoming connections on them. Using incoming ports is a security issue and should be avoided -- especially when unnecessary.

rahmanusta commented 7 years ago

@ingokegel What do you think about this issue?

ingokegel commented 7 years ago

The updater does not open a server socket, there is only an outgoing connection.

ctrngk commented 5 years ago

It pops up this confirmation every time, really annoying.

rahmanusta commented 5 years ago

I use it on Mac too, and I don't get this popup. I would like to help if I can reproduce it.

I have some questions:

Matthew1471 commented 4 years ago

I am running Windows but I found this page while I too wondered why I was getting Firewall requests when I launched the application. I think I've worked it out, when you click "Browser" in AsciidocFX it opens your web-browser to http://localhost:*port*/afx/resource/*path*?p=index.html

So, AsciidocFX is indeed listening on a TCP port.

Further analysis showed that setting the port to 0 on the same framework AsciidocFX uses makes it random: https://stackoverflow.com/questions/30312058/spring-boot-how-to-get-the-running-port as indeed it is https://github.com/asciidocfx/AsciidocFX/blob/0aaa499f10640339fb274ed932c21ad9570ab496/src/main/resources/application.properties

It also looks like internally from the URL mappings in the application.properties it uses the web server for a lot of functionality including presenting slides to others.

There is also the option to only allow it to listen to local requests: https://stackoverflow.com/questions/46192242/spring-boot-webapp-localhost-only but I believe that needs to be set by the developers (and ideally configurable, as the slides hosting functionality does look pretty cool in a classroom/meeting environment).

I have tried visiting this from another device on the LAN and the port is not just accessible from localhost but from another device too (so this is not just bound to localhost)! The firewall message is therefore correct, you probably will want to firewall it off from other users of your network in case there are any vulnerabilities in the Spring Boot framework and/or to stop people trying to read your content!

rene-aguirre commented 1 week ago

I had to install the app due to my company network scanners picking up the "vulnerable" http server port on my machine; seems @Matthew1471's guideline is worth trying.

This command would help to confirm the issue and fix on macOS:

sudo lsof -i -P | grep 'LISTEN'

You'd see a java prefixed binary process, under the current user, listening on TCP *: instead of TCP localhost:
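
The check described in the last comment can be scripted. The following is an added example, not part of the original thread or of AsciidocFX: it reads `lsof -i -P` output and reports every TCP listener that is not bound to loopback only. The function names and the sample lines (process names, PIDs, user, ports) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag TCP listeners reachable from other hosts.
# Input: output of `lsof -i -P` on stdin (hostnames or numeric addresses).
# Output: "<command> <pid> <user> <bind-address:port>" per exposed listener.
exposed_listeners() {
    awk '
        $NF != "(LISTEN)" { next }      # skip header, UDP, established sockets
        {
            name = $(NF - 1)            # e.g. *:53412, localhost:8080, [::1]:8080
            port = name
            sub(/.*:/, "", port)        # text after the last colon is the port
            host = substr(name, 1, length(name) - length(port) - 1)
            # Loopback-only binds cannot be reached from the LAN.
            if (host == "localhost" || host == "[::1]" || host ~ /^127\./) next
            # Everything else ("*" wildcard or a routable address) is exposed.
            print $1, $2, $3, name
        }
    '
}

# Constructed sample resembling macOS lsof output; not captured from a real host.
sample_lsof() {
cat <<'EOF'
COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
java     4242 alice  101u  IPv6 0x1a2b      0t0  TCP *:53412 (LISTEN)
java     4242 alice  102u  IPv6 0x1a2c      0t0  TCP localhost:53412->localhost:53977 (ESTABLISHED)
postgres  310 alice    7u  IPv4 0x1a2d      0t0  TCP 127.0.0.1:5432 (LISTEN)
postgres  310 alice    8u  IPv6 0x1a2e      0t0  TCP [::1]:5432 (LISTEN)
syncd     501 alice    4u  IPv4 0x1a2f      0t0  TCP 192.168.1.20:49152 (LISTEN)
mdns      77  alice    5u  IPv4 0x1a30      0t0  UDP *:5353
EOF
}

# Demo on the sample; on a real machine use: sudo lsof -i -P | exposed_listeners
sample_lsof | exposed_listeners
```

A `java` line in the output with a `*:` bind address corresponds to the wildcard listener described in this thread; after restricting the bind address to localhost or blocking the port in the firewall, the line should disappear or stop being reachable from other hosts.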