You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "Kevin Risden (Jira)" <ji...@apache.org> on 2020/03/10 20:22:00 UTC

[jira] [Created] (KNOX-2285) Change gateway.server.header.enabled default to false

Kevin Risden created KNOX-2285:
----------------------------------

             Summary: Change gateway.server.header.enabled default to false
                 Key: KNOX-2285
                 URL: https://issues.apache.org/jira/browse/KNOX-2285
             Project: Apache Knox
          Issue Type: Improvement
          Components: Server
            Reporter: Kevin Risden
            Assignee: Kevin Risden
             Fix For: 1.4.0


KNOX-932 added gateway.server.header.enabled with the default set to true. Its been ~2 years and many security scanners are reporting issues if servers report internal versions.

We should set the default of gateway.server.header.enabled to false to prevent this information from leaking.





--
This message was sent by Atlassian Jira
(v8.3.4#803005)