Non default values of configuration property 'caas-rest.jslt-transformations-pattern' were not used properly

The jslt transformation resouces *.jslt were always loaded from the default location. A configuration value of ''caas-rest.jslt-transformations-pattern' different from the default was not used properly.

(CMS-19303)

Headless Server sends HTTP header Strict-Transport-Security by default

Headless Server now sends by default a Strict-Transport-Security HTTP header with the default value of "max-age= 63072000; includeSubdomains". The content of the header can be configured by application properties. Please see the deployment manual for details.

(CMS-19046)