[Bug 58238] New: ErrorReportValve - default showReport / showServerInfo to false

bugzilla Wed, 12 Aug 2015 05:46:53 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=58238


            Bug ID: 58238
           Summary: ErrorReportValve - default showReport / showServerInfo
                    to false
           Product: Tomcat 9
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: funk...@apache.org

Update org.apache.catalina.valves.ErrorReportValve so that showReport and 
showServerInfo default to false

This makes it secure by default and prevents the extra effort by admins to go
in and turn it off.

Other touch points (that I notice)
 - server.xml [add as a comment how to re-enable] <Valve
className="org.apache.catalina.valves.ErrorReportValve" showReport="true"
showServerInfo="true"/>
 - valve.html - to reflect new defaults

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 58238] New: ErrorReportValve - default showReport / showServerInfo to false

Reply via email to