https://bz.apache.org/bugzilla/show_bug.cgi?id=65598
Bug ID: 65598 Summary: Security by default with Tomcat error pages Product: Tomcat 8 Version: 8.5.71 Hardware: PC OS: Linux Status: NEW Severity: normal Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: alexand...@gmx.net Target Milestone: ---- The default error pages provide a detailed report and server version by default. To prevent information disclosure and gathering this default behaviour should be changed to not to report this information. This could probably be done by setting public class ErrorReportValve extends ValveBase { private boolean showReport = false; private boolean showServerInfo = false; } -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org