[SECURITY] Remove version from default User-Agent 03/53903/2
authorSusanne Moog <susanne.moog@typo3.com>
Tue, 5 Sep 2017 09:37:28 +0000 (11:37 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 5 Sep 2017 09:37:35 +0000 (11:37 +0200)
TYPO3 does no longer send the concrete TYPO3 version as
part of the default User-Agent header when doing requests.

Resolves: #82072
Releases: master, 8.7, 7.6
Security-Commit: f5558a5d745f2bafe3c27d5621ef1ce26f3989a9
Security-Bulletin: TYPO3-CORE-SA-2017-006
Change-Id: If9d7745d909e93899e2b405e016518a9284a1006
Reviewed-on: https://review.typo3.org/53903
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/core/Configuration/DefaultConfiguration.php

index 5bd5404..ba2710d 100644 (file)
@@ -1082,7 +1082,7 @@ return [
         'verify' => true,
         'version' => '1.1',
         'headers' => [ // Additional HTTP headers sent by every request TYPO3 executes.
-            'User-Agent' => 'TYPO3/' . TYPO3_version // String: Default user agent. If empty, this will be "TYPO3/x.y.z", while x.y.z is the current version. This overrides the constant <em>TYPO3_user_agent</em>.
+            'User-Agent' => 'TYPO3' // String: Default user agent. This sets the constant <em>TYPO3_user_agent</em>.
         ]
     ],
     'LOG' => [