You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Kevin Risden (Jira)" <ji...@apache.org> on 2020/03/10 20:22:00 UTC
[jira] [Created] (KNOX-2285) Change gateway.server.header.enabled
default to false
Kevin Risden created KNOX-2285:
----------------------------------
Summary: Change gateway.server.header.enabled default to false
Key: KNOX-2285
URL: https://issues.apache.org/jira/browse/KNOX-2285
Project: Apache Knox
Issue Type: Improvement
Components: Server
Reporter: Kevin Risden
Assignee: Kevin Risden
Fix For: 1.4.0
KNOX-932 added gateway.server.header.enabled with the default set to true. Its been ~2 years and many security scanners are reporting issues if servers report internal versions.
We should set the default of gateway.server.header.enabled to false to prevent this information from leaking.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)