Details
-
Suggestion
-
Resolution: Unresolved
-
None
-
None
-
5
-
Description
Problem Definition
Version informations should not be accessible to any non authenticated user.
For some customers, this could represent a security concern.
Suggested Solution
Hide any version information (for example from the footer of Bitbucket) or provide an option to do so.
Workaround
To hide the footer, the steps are as follows:
1. Open $BITBUCKET_INST/app/static/bitbucket/internal/webpanels/global-footer.soy in a text editor
2. Locate the following section:
<li>{productFullName()} <span title="{$hash}" id="product-version" data-commitid="{$hash}" data-system-build-number="{$systemBuildNumber}"> v{$buildVersion}</span></li>
Edit it so it looks like:
{if false} <li>{productFullName()} <span title="{$hash}" id="product-version" data-commitid="{$hash}" data-system-build-number="{$systemBuildNumber}"> v{$buildVersion}</span></li> {/if}
3. Restart Bitbucket Server
In case of a data center setup, this needs to be performed on each node.
Note
Wrapping the list item in an if block that will never execute it guarantees that the item remains hidden, but will still allow the template to function correctly.
Attachments
Issue Links
- is related to
-
CONFSERVER-59154 Ability to Toggle Version Information on Confluence Pages On/Off
- Gathering Interest
-
JRASERVER-70362 As a Jira Admin, I want to hide the version number showing to unauthenticated users
- Gathering Interest
- causes
-
PS-73407 Loading...
- mentioned in
-
Page Loading...