Hi Piotr,
thank you for the patch.
On Wed, Feb 28, 2024 at 01:20:35AM +0000, Piotr Sikora via nginx-devel wrote:
[...]
> HTTP: stop emitting server version by default.
> This information is only useful to attackers.
> The previous behavior can be restored using "server_tokens on".
[...]
I don't think this is a good idea to change the default behaviour
for the directive we have for a long-long time. It's always possible
to set `server_tokens off;' in the configuration file.
Also, this change is required a corresponding change in the
documentation on the nginx.org website.
Thank you.
--
Sergey A. Osokin
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel