From 4d5dd49b2cb38d2fed3cdde3102a0a298cff4d33 Mon Sep 17 00:00:00 2001
From: Mark Thomas <markt@apache.org>
Date: Mon, 20 Jan 2025 17:12:56 +0000
Subject: [PATCH] Add a note about WebDAV

---
 webapps/docs/security-howto.xml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml
index 0955c11bde46..b006b9944986 100644
--- a/webapps/docs/security-howto.xml
+++ b/webapps/docs/security-howto.xml
@@ -543,6 +543,10 @@
     headers it sets unless your application is already setting them. If Tomcat
     is accessed via a reverse proxy, then the configuration of this filter needs
     to be co-ordinated with any headers that the reverse proxy sets.</p>
+
+    <p>The WebDAV servlet enables edit functionality for web application
+    content. If the WebDAV servlet is enabled, the WebDAV functionality should
+    be appropriately secured.</p>
   </section>
 
   <section name="Embedded Tomcat">