[SECURITY] Remove version from default User-Agent 95/53895/2
authorSusanne Moog <susanne.moog@typo3.com>
Tue, 5 Sep 2017 09:36:34 +0000 (11:36 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 5 Sep 2017 09:36:35 +0000 (11:36 +0200)
TYPO3 does no longer send the concrete TYPO3 version as
part of the default User-Agent header when doing requests.

Resolves: #82072
Releases: master, 8.7, 7.6
Security-Commit: 5c4ded6108c4cb6c94ac11c58a4a9b9a1437ff25
Security-Bulletin: TYPO3-CORE-SA-2017-006
Change-Id: Icd6eb811ef96110d9c2636b5910a46186d248372
Reviewed-on: https://review.typo3.org/53895
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/core/Configuration/DefaultConfiguration.php

index 11200cb..9e06264 100644 (file)
@@ -1176,7 +1176,7 @@ return [
         'ssl_capath' => '',        // String: Directory holding multiple Certificate Authority files.
         'ssl_local_cert' => '',        // String: Name of a file containing local certificate.
         'ssl_passphrase' => '',        // String: Passphrase with which local certificate was encoded.
-        'userAgent' => 'TYPO3/' . TYPO3_version// String: Default user agent. If empty, this will be "TYPO3/x.y.z", while x.y.z is the current version. This overrides the constant <em>TYPO3_user_agent</em>.
+        'userAgent' => 'TYPO3' // String: Default user agent. This sets the constant <em>TYPO3_user_agent</em>.
     ],
     'LOG' => [
         'writerConfiguration' => [