Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

request #18376: Prevent PHP and nginx versions to be sent in response headers

Download Browse

While this has very little to no benefit from a security point of view (please just update your softwares instead of trying to hide publicly known information), automated tools flag this as a very serious issue. It is easier to drop the versions than to argue with automated tools. To test, you need to redeploy the nginx configuration. Please note that on a dev setup there is a reverse proxy which also add its own "Server" header, so you need to query directly the server without going through the reverse proxy to see the change. Change-Id: Ia317706449eb1cb6af6caf90ef6763384f5204ed

+3 −0
Thomas Gerbet (tgerbet) 2020-11-26 17:13
Thomas Gerbet (tgerbet) 2020-11-26 17:13
57b72810ba09aa399a8488b2254a0a816f1a22fe
dc4dffb194e85415eecbb250d9a781df0f54f6ac
git #tuleap/stable/57b72810ba09aa399a8488b2254a0a816f1a22fe

Modified Files

Side by side diff
Inline diff
Name
M src/etc/nginx/tuleap-managed-global-settings.conf +3 −0 Go to diff View file