You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/10/31 20:19:13 UTC

[tomcat] branch master updated: Correct description of default value of server attribute

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
     new 6626089  Correct description of default value of server attribute
6626089 is described below

commit 662608929b9af3ce241428e12ae4eae606363119
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Oct 31 21:18:42 2019 +0100

    Correct description of default value of server attribute
---
 webapps/docs/changelog.xml      | 8 ++++++++
 webapps/docs/security-howto.xml | 5 +++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index a2dadbe..6562e55 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -111,6 +111,14 @@
       </fix>
     </changelog>
   </subsection>
+  <subsection name="Web applications">
+    <changelog>
+      <fix>
+        Correct the description of the default value for the server attribute in
+        the security How-To. (markt)
+      </fix>
+    </changelog>
+  </subsection>
   <subsection name="Other">
     <changelog>
       <fix>
diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml
index bbd6fa9..8b3d14d 100644
--- a/webapps/docs/security-howto.xml
+++ b/webapps/docs/security-howto.xml
@@ -286,8 +286,9 @@
 
       <p>The <strong>server</strong> attribute controls the value of the Server
       HTTP header. The default value of this header for Tomcat 4.1.x to
-      <version-major-minor/>.x is Apache-Coyote/1.1. This header can provide
-      limited information to both legitimate clients and attackers.</p>
+      8.0.x is Apache-Coyote/1.1. From 8.5.x onwards this header is not set by
+      default. This header can provide limited information to both legitimate
+      clients and attackers.</p>
 
       <p>The <strong>SSLEnabled</strong>, <strong>scheme</strong> and
       <strong>secure</strong> attributes may all be independently set. These are


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org