Hi, Tomcat’s default error handler has showServerInfo set to true by default. This is not a good security practice because it exposes Tomcat’s version (version disclosure).
Is there a reason why this property is not set to false by default? Thanks, Karim
