Hi Piotr, thank you for the patch.
On Wed, Feb 28, 2024 at 01:20:35AM +0000, Piotr Sikora via nginx-devel wrote: [...] > HTTP: stop emitting server version by default. > This information is only useful to attackers. > The previous behavior can be restored using "server_tokens on". [...] I don't think this is a good idea to change the default behaviour for the directive we have for a long-long time. It's always possible to set `server_tokens off;' in the configuration file. Also, this change is required a corresponding change in the documentation on the nginx.org website. Thank you. -- Sergey A. Osokin _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
