issue #881, closes #881 + some whitespace fixes

OWASP · Mar 14, 2021 · d166891 · d166891
1 parent 635c843
commit d166891
Showing 1 changed file with 3 additions and 4 deletions.
diff --git a/4.0/en/0x22-V14-Config.md b/4.0/en/0x22-V14-Config.md
@@ -45,8 +45,7 @@ Note: At Level 1, 14.2.1 compliance relates to observations or detections of cli
 | **14.2.7** | [ADDED] Verify that third party components are sourced separately from internally owned and developed applications | ✓ | ✓ | ✓ | 441 |
 
 
-Note: Certain languages and package managers, have ecosystems that require the identification of packages using multiple factors (e.g groupId and artifactId). This would allow the build process to more specifically identify a resource. In other cases, package managers operate by the order of repositories or mirrors included. Consult your package managers to specifically indicate search order. 
-
+Note: Certain languages and package managers, have ecosystems that require the identification of packages using multiple factors (e.g groupId and artifactId). This would allow the build process to more specifically identify a resource. In other cases, package managers operate by the order of repositories or mirrors included. Consult your package managers to specifically indicate search order.
 
 
 ## V14.3 Unintended Security Disclosure Requirements
@@ -55,7 +54,7 @@ Configurations for production should be hardened to protect against common attac
 
 | # | Description | L1 | L2 | L3 | CWE |
 | --- | --- | --- | --- | -- | -- |
-| **14.3.1** | Verify that web or application server and framework error messages are configured to deliver user actionable, customized responses to eliminate any unintended security disclosures. | ✓ | ✓ | ✓ | 209 |
+| **14.3.1** | [DELETED, MERGED TO 7.4.1] | | | | |
 | **14.3.2** | Verify that web or application server and application framework debug modes are disabled in production to eliminate debug features, developer consoles, and unintended security disclosures. | ✓ | ✓ | ✓ | 497 |
 | **14.3.3** | Verify that the HTTP headers or any part of the HTTP response do not expose detailed version information of system components. | ✓ | ✓ | ✓ | 200 |
 
@@ -92,4 +91,4 @@ For more information, see also:
 * [Exploiting CORS misconfiguration for BitCoins and Bounties](https://portswigger.net/blog/exploiting-cors-misconfigurations-for-bitcoins-and-bounties)
 * [OWASP Web Security Testing Guide 4.1: Configuration and Deployment Management Testing](https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/README.html)
 * [Sandboxing third party components](https://cheatsheetseries.owasp.org/cheatsheets/Third_Party_Javascript_Management_Cheat_Sheet.html#sandboxing-content)
-* [Defining multiple repositories in maven](https://maven.apache.org/guides/mini/guide-multiple-repositories.html)
+* [Defining multiple repositories in maven](https://maven.apache.org/guides/mini/guide-multiple-repositories.html)