Because secure profile will not return a 500 status code for errors, we should disable it by default in all engine WARs, but pick and choose those settings which should be retained for security.
Disabled secure profile on ACF11 WAR. Verified 10 and 2016 have it set to off.
Brad Wood October 4, 2017 at 6:02 PM
Are you going to take care of this? I'd say we can probably just get away with doing it on the latest CF11 war and going forward. I don't think the CF10 and CF2016 wars came with secure profile on for whatever reason.
Fixed
Pinned fields
Click on the next to a field label to start pinning.
REL:
Because secure profile will not return a 500 status code for errors, we should disable it by default in all engine WARs, but pick and choose those settings which should be retained for security.