[SECURITY] Remove version from default User-Agent 99/53899/2
authorSusanne Moog <susanne.moog@typo3.com>
Tue, 5 Sep 2017 09:37:01 +0000 (11:37 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 5 Sep 2017 09:37:03 +0000 (11:37 +0200)
TYPO3 does no longer send the concrete TYPO3 version as
part of the default User-Agent header when doing requests.

Resolves: #82072
Releases: master, 8.7, 7.6
Security-Commit: 48139416459ed6a79b1bc9c018371575fa97591b
Security-Bulletin: TYPO3-CORE-SA-2017-006
Change-Id: Iafa15ce1d3f967e50124e37a8d0aff4a1d41e5ef
Reviewed-on: https://review.typo3.org/53899
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/core/Configuration/DefaultConfiguration.php

index 67f7aad..30e56d0 100644 (file)
@@ -1035,7 +1035,7 @@ return [
         'verify' => true,
         'version' => '1.1',
         'headers' => [ // Additional HTTP headers sent by every request TYPO3 executes.
-            'User-Agent' => 'TYPO3/' . TYPO3_version // String: Default user agent. If empty, this will be "TYPO3/x.y.z", while x.y.z is the current version. This overrides the constant <em>TYPO3_user_agent</em>.
+            'User-Agent' => 'TYPO3' // String: Default user agent. This sets the constant <em>TYPO3_user_agent</em>.
         ]
     ],
     'LOG' => [