You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/10/31 20:21:28 UTC

[tomcat] branch 7.0.x updated: Correct description of default value of server attribute

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/7.0.x by this push:
     new 9729afc  Correct description of default value of server attribute
9729afc is described below

commit 9729afc32f64af2b9b60a3721d14b6aa5169d02a
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Oct 31 21:18:42 2019 +0100

    Correct description of default value of server attribute
---
 webapps/docs/changelog.xml      | 8 ++++++++
 webapps/docs/security-howto.xml | 5 +++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index f150d08..4340fbd 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -109,6 +109,14 @@
       </fix>
     </changelog>
   </subsection>
+  <subsection name="Web applications">
+    <changelog>
+      <fix>
+        Correct the description of the default value for the server attribute in
+        the security How-To. (markt)
+      </fix>
+    </changelog>
+  </subsection>
   <subsection name="Other">
     <changelog>
       <fix>
diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml
index dccc584..7bccf0c 100644
--- a/webapps/docs/security-howto.xml
+++ b/webapps/docs/security-howto.xml
@@ -285,8 +285,9 @@
 
       <p>The <strong>server</strong> attribute controls the value of the Server
       HTTP header. The default value of this header for Tomcat 4.1.x to
-      <version-major-minor/>.x is Apache-Coyote/1.1. This header can provide
-      limited information to both legitimate clients and attackers.</p>
+      8.0.x is Apache-Coyote/1.1. From 8.5.x onwards this header is not set by
+      default. This header can provide limited information to both legitimate
+      clients and attackers.</p>
 
       <p>The <strong>SSLEnabled</strong>, <strong>scheme</strong> and
       <strong>secure</strong> attributes may all be independently set. These are


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org