Loading...

XML

Word

Printable

Type: Suggestion
Resolution: Unresolved
Fix Version/s: None
Component/s: Server - Administration
Labels:

UIS:
6
Support reference count:
10

Suggestion Summary

Confluence should provide administrators with a way to toggle displaying version related information on/off.

Suggestion Details

If unauthenticated, one can access Confluence's landing page and retrieve version related information from three places:

Login page footer.
Response Head AJS Tags.
Response Body What's New Link.

Someone without good intentions could use this information to search for possible security vulnerabilities over the internet and hack Confluence. Therefore, if in a public facing instance, hiding these pieces of information can become a requirement for administrators.

Workaround

An administrator can modify Confluence core files to prevent this information from being displayed. The knowledge base below teaches how to do that:

How to Hide Version Information on Confluence

relates to

BSERV-12073 As an administrator, I want to be able to hide any version information from Bitbucket for anonymous users

Gathering Interest

JRASERVER-70362 As a Jira Admin, I want to hide the version number showing to unauthenticated users

Gathering Interest

PBAC-1204 Loading...

follows: VULN-1034172 Loading...

mentioned in: Page Loading...; Page Loading...

(1 mentioned in)

Assignee:: Unassigned
Reporter:: Marcelo Horlle (Inactive)
Votes:: 73 Vote for this issue
Watchers:: 40 Start watching this issue

Created:: 22/Nov/2019 7:17 PM
Updated:: 24/Nov/2025 5:09 AM

Details

Description

Suggestion Summary

Suggestion Details

Workaround

Attachments

Issue Links

Forms

Activity

People

Dates