Loading...

XML

Word

Printable

Details

Type: Suggestion
Resolution: Unresolved
Fix Version/s: None
Component/s: Server - Administration
Labels:

UIS:
16
Feedback Policy:

We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

Description

Suggestion Summary

Confluence should provide administrators with a way to toggle displaying version related information on/off.

Suggestion Details

If unauthenticated, one can access Confluence's landing page and retrieve version related information from three places:

Login page footer.
Response Head AJS Tags.
Response Body What's New Link.

Someone without good intentions could use this information to search for possible security vulnerabilities over the internet and hack Confluence. Therefore, if in a public facing instance, hiding these pieces of information can become a requirement for administrators.

Workaround

An administrator can modify Confluence core files to prevent this information from being displayed. The knowledge base below teaches how to do that:

How to Hide Version Information on Confluence

Attachments

Issue Links

relates to

BSERV-12073 As an administrator, I want to be able to hide any version information from Bitbucket for anonymous users

Gathering Interest

JRASERVER-70362 As a Jira Admin, I want to hide the version number showing to unauthenticated users

Gathering Interest

PBAC-1204 Loading...

follows: VULN-1034172 Loading...

mentioned in: Page Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Marcelo Horlle

Votes:: 67 Vote for this issue

Watchers:: 35 Start watching this issue

Dates

Created:: 22/Nov/2019 7:17 PM

Updated:: 6 days ago 2:02 AM