Add a note about WebDAV

webapps/docs/security-howto.xml

@@ -543,6 +543,10 @@
     headers it sets unless your application is already setting them. If Tomcat
     is accessed via a reverse proxy, then the configuration of this filter needs
     to be co-ordinated with any headers that the reverse proxy sets.</p>
+
+    <p>The WebDAV servlet enables edit functionality for web application
+    content. If the WebDAV servlet is enabled, the WebDAV functionality should
+    be appropriately secured.</p>
   </section>
 
   <section name="Embedded Tomcat">