Confluence should provide administrators with a way to toggle displaying version related information on/off.
If unauthenticated, one can access Confluence's landing page and retrieve version related information from three places:
- Login page footer.
- Response Head AJS Tags.
- Response Body What's New Link.
Someone without good intentions could use this information to search for possible security vulnerabilities over the internet and hack Confluence. Therefore, if in a public facing instance, hiding these pieces of information can become a requirement for administrators.
An administrator can modify Confluence core files to prevent this information from being displayed. The knowledge base below teaches how to do that: