I’ve been using Foundeo’s excellent HackMyCF scanning tool since the Railo days and I have never been able to “fix” the error:
Server is returning exception-message header
The default error handler for Railo or Lucee will return a HTTP response header called exception-message with the exception error message. This header may contain information that should not be disclosed to the public such as file system paths or other information that should not be disclosed. Railo 4.2.1.004 partially fixes this by default. Configure your web server to remove or overwrite this header.
More Information: http://jira.jboss.org/jira/browse/RAILO-3127
I know there was some work on this, as noted in the Jira link, but it doesn’t seem to have progressed in Lucee (?)
Is there anything planned for this or does anyone have a workaround? Does v5 address this?
Running 4.5.5.006, IIS 8.5, 2012R2, TC8.5.23
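
The scanner's advice to overwrite the header at the web server, sketched for IIS as an added example (not part of the original post and not Lucee's or Foundeo's own configuration). It assumes the IIS URL Rewrite module is installed and that responses from the servlet engine pass through IIS; the rule name is made up for illustration.

```xml
<!-- web.config at the site root. Added example; assumes the URL Rewrite module is installed. -->
<configuration>
  <system.webServer>
    <rewrite>
      <outboundRules>
        <!-- Rule name is arbitrary. URL Rewrite exposes response headers as
             RESPONSE_<header name>, with dashes replaced by underscores, so the
             exception-message header is RESPONSE_exception_message. -->
        <rule name="Blank exception-message header">
          <!-- Fire only when the header is present and non-empty. -->
          <match serverVariable="RESPONSE_exception_message" pattern=".+" />
          <!-- Overwrite the value with an empty string so the exception text
               (file system paths and similar) is not sent to the client. -->
          <action type="Rewrite" value="" />
        </rule>
      </outboundRules>
    </rewrite>
  </system.webServer>
</configuration>
```

After deploying the rule, request a page that throws an error and inspect the response headers to confirm the exception text is no longer returned.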