Hi Kazuhiko, This change was in response to CVE-2019-10092. People who aren't upgrading httpd for some reason should still remove the path information from the error pages to prevent XSS.
- Y On Thu, Jan 30, 2020 at 4:05 AM kohmoto <kohm...@iris.eonet.ne.jp> wrote: > Hi, > > I have learned small changes in httpd would cause to expose > version information even we hide it though settings. > > The article indicating this realities is in the follow link. > > https://blog.eg-secure.co.jp/?m=1 > > This article is written in Japanese. Please apologize this > convenience, but you can understand what is there. > > Thank you for your cooperation. > > Yours truly, > Kazuhiko Kohmoto > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
