RemoteIpValve default behavior changed

[frankr12]

After upgrading to 1.1.7 we no longer receive the real RemoteIpAddress in authentication events but the proxy server’s IP. If I set server.tomcat.remote_ip_header=x-forwarded-for in application.properties it works again.

I think this issue could be related with this change: 468b6cb

If I read the documentation here, I get the impression that the x-forwarded-for should be used (on) by default. Am I wrong?

[wilkinsona]

The behaviour of x-forwarded-for has been changed in 1.1.7 as we believe it's safer for them to be opt-in. It looks like the docs were not updated as part of that change, apologies.