      request #18376 Prevent PHP and nginx versions to be sent in response headers
    Infos
    #18376
    Thomas Gerbet (tgerbet)
    2020-11-27 14:04
    2020-11-26 16:46
    19927
    Details
    Prevent PHP and nginx versions to be sent in response headers
    At the moment those headers are sent because this is what nginx and PHP FPM do by default. It's not really a big deal since the range of possible versions usable to run Tuleap is very narrow and publicly known. Anyway, since this gets flagged by "security audits", it consumes less energy to just drop them. It should however be noted that the only real answer to this issue is to run up-to-date software.
    Installation process
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2020-11-27
    Attachments
    Empty
    References

    Follow-ups


    Integrated into Tuleap 12.2.99.100


    • Status changed from Under review to Closed
    • Connected artifacts
    • Close date set to 2020-11-27
    Thomas Gerbet (tgerbet)2020-11-26 17:32
    Patch under review: gerrit #20905.

    • Summary
      -Remove Server and X-Powered-By headers in default configurations 
      +Prevent PHP and nginx versions to be sent in response headers 
    • Status changed from Under implementation to Under review
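
    A check for the behaviour the request describes, added here as an example and not taken from the Tuleap patch: it parses a raw HTTP response head and reports any product/version token in the `Server` and `X-Powered-By` headers. The function names and sample responses are constructed; the hardened sample assumes nginx `server_tokens off;` and PHP `expose_php = Off`, which the page does not confirm as the method used.

```python
import re

# Headers named in the request: nginx sets Server, PHP-FPM sets X-Powered-By.
CHECKED = ("server", "x-powered-by")
# A product token followed by a version, e.g. "nginx/1.18.0" or "PHP/7.4.12".
VERSION_TOKEN = re.compile(r"[A-Za-z][\w.-]*/\d+(?:\.\d+)*")

def parse_headers(raw):
    """Parse a raw HTTP response head into a list of (name, value) pairs."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]  # drop the body
    pairs = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def version_leaks(raw):
    """Return (header, token) for each version token in the checked headers."""
    leaks = []
    for name, value in parse_headers(raw):
        if name in CHECKED:
            leaks.extend((name, tok) for tok in VERSION_TOKEN.findall(value))
    return leaks

# Constructed responses; the version numbers are sample values, not Tuleap's.
DEFAULT_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx/1.18.0\r\n"
    "X-Powered-By: PHP/7.4.12\r\n"
    "Content-Type: text/html\r\n\r\n<html></html>"
)
# Assumed result of server_tokens off (nginx) and expose_php = Off (PHP).
# The body mentions a version on purpose: only headers are inspected.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "Content-Type: text/html\r\n\r\nSee nginx/1.18.0 docs"
)

if __name__ == "__main__":
    for label, raw in (("default", DEFAULT_RESPONSE),
                       ("hardened", HARDENED_RESPONSE)):
        print(label, version_leaks(raw) or "no version disclosed")
```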