Hi,
We saw in the web.xml that the error code 405 is missing, this can be a problem because the response contains the Tomcat version now. Security-wise it would be better to return a customer error page, like dotCMS is doing for the 401, 403, 404, 500 and 503. There are two ways to resolve this:
1. Remove all error-page entries in the web.xml and replace this with the general error page:
<error-page>
<location>/html/error/custom-error-page.jsp</location>
</error-page>
2. If dotCMS would not like to use the general error page they could add the 405:
<error-page>
<error-code>405</error-code>
<location>/html/error/custom-error-page.jsp</location>
</error-page>
Is there a reason that the 405 is missing in the web.xml?