Release Notes / Version 10.2101
Non-default values of configuration property 'caas-rest.jslt-transformations-pattern' were not used properly
The JSLT transformation resources (*.jslt) were always loaded from the default location. A value of 'caas-rest.jslt-transformations-pattern' that differed from the default was not used properly.
(CMS-19303)
Headless Server sends HTTP header Strict-Transport-Security by default
Headless Server now sends a Strict-Transport-Security HTTP header by default, with the default value "max-age= 63072000; includeSubdomains". The content of the header can be configured through application properties. See the deployment manual for details.
(CMS-19046)
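To confirm the header after an upgrade or a configuration change, a captured header value can be validated against policy. The following is an added example, not part of the product or its manual; the function names and the one-year minimum are assumptions.

```python
import re

# Token characters allowed in directive names and unquoted values (RFC 6797 / HTTP token).
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into {directive: value-or-None}."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:                      # empty directives are allowed by the grammar
            continue
        name, sep, val = part.partition("=")
        name = name.strip().lower()       # directive names are case-insensitive
        val = val.strip() if sep else None
        if not _TOKEN.fullmatch(name):
            raise ValueError(f"bad directive name: {name!r}")
        if val is not None:
            if len(val) >= 2 and val[0] == val[-1] == '"':
                val = val[1:-1]           # quoted-string form
            elif not _TOKEN.fullmatch(val):
                raise ValueError(f"bad value for {name}: {val!r}")
        if name in directives:            # a directive must not appear twice
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = val
    max_age = directives.get("max-age")
    if max_age is None or not (max_age.isascii() and max_age.isdigit()):
        raise ValueError("max-age missing or not a non-negative integer")
    return directives

# min_max_age of one year is an assumed policy threshold, not from the release note.
def check_hsts(value, min_max_age=31536000, require_subdomains=True):
    """Return a list of findings; an empty list means the header meets policy."""
    if value is None:
        return ["Strict-Transport-Security header is absent"]
    try:
        d = parse_hsts(value)
    except ValueError as exc:
        return [f"malformed header: {exc}"]
    findings = []
    if int(d["max-age"]) < min_max_age:
        findings.append(f"max-age {d['max-age']} is below {min_max_age}")
    if require_subdomains and "includesubdomains" not in d:
        findings.append("includeSubDomains is not set")
    return findings

# The default value exactly as quoted in the release note above.
RELEASE_NOTE_DEFAULT = "max-age= 63072000; includeSubdomains"
```

Pass `check_hsts` the header value from a live response (or `None` when the header is missing) and treat any returned finding as a deployment issue.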
Slightly improved error message handling
For security reasons, Headless Server no longer exposes any textual error messages when running in live mode. This prevents accidental exposure of server-side error messages that might leak information useful to attackers. In preview mode, error messages are still part of the JSON error response.
(CMS-19045)