On 10/05/18 17:10, Violeta Georgieva wrote: > 2018-05-10 19:04 GMT+03:00 Violeta Georgieva <violet...@apache.org>: >> >> Hi, >> >> 2018-05-10 19:00 GMT+03:00 Mark Thomas <ma...@apache.org>: >>> >>> On 10/05/18 16:27, John Palmer wrote: >>> >>> <snip/> >>> >>>> or am I missing (or just ignorant of ) something? >>> >>> Seems reasonable to me looking at the code. Give me a few minutes to >>> test it and - assuming all is well - I'll make the change. >> >> Isn't it intentional to not have a css? >> We do not want to expose the Tomcat version, right? > > https://bz.apache.org/bugzilla/show_bug.cgi?id=56383
Putting to one side the argument over whether revealing the version is a a security vulnerability or not... Exposing the CSS doesn't reveal the version. 9.0.x and 8.5.x include the CSS as a result of BZ 60490. I've back-ported that fix to 8.0.x and 7.0.x Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
