Noelette, Thank you very much for your quick reply and the information. I really appreciate it. I will give this a try.
Thanks, Jerome A. Wendell -----Original Message----- From: Noelette Stout <[email protected]> Sent: Wednesday, October 22, 2025 10:48 AM To: Tomcat Users List <[email protected]> Subject: Re: Tomcat Version Number on Error Pages You can add this valve to your server.xml to keep it from showing the version info. <Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false" /> Noelette On Wed, Oct 22, 2025 at 8:44 AM Jerome A. Wendell <[email protected]> wrote: > We use Tomcat on a website that requires subscriptions, so payments > are made on the website. With the new PCI Compliance regulations and > scans, it appears that the version of Tomcat used being displayed on > the error pages is a vulnerability. I have tried creating custom > error pages based on information found from searching the web on this > issue, but the solutions that I have tried do not work. Is there a > way to prevent the Tomcat version number from being displayed on the > error pages? > > > > Thanks, > > > > Jerome A. Wendell > > > > -- Noelette Stout Enterprise Access Manager Senior Application Administrator Idaho State University E-mail: stounoel "at" isu "dot" edu Desk: 208-282-2554 *I am sending this message now because it suits me, but I don’t expect that you will read, respond to, or act on it outside of comfortable hours for your time zone.* --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
