Closed
Description
The default favicon served by Spring Boot could be classified as information leakage, in a similar manner like Server
HTTP header (see #4730) and exception
error attribute (see #7872) were.
I'd consider removing the default favicon as applications that don't provide custom favicon will inevitably leak info about being powered by Spring Boot.