You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jena.apache.org by "Andy Seaborne (JIRA)" <ji...@apache.org> on 2016/01/29 14:12:39 UTC

[jira] [Created] (JENA-1125) Suppress output of "Server:" with version information.

Andy Seaborne created JENA-1125:
-----------------------------------

             Summary: Suppress output of "Server:" with version information.
                 Key: JENA-1125
                 URL: https://issues.apache.org/jira/browse/JENA-1125
             Project: Apache Jena
          Issue Type: Improvement
          Components: Fuseki
            Reporter: Andy Seaborne
            Assignee: Andy Seaborne
            Priority: Minor
             Fix For: Fuseki 2.4.0


Security reports sometimes worry about revealing version information , despite this being open source where every detail is available anyway.

We could suppress or modify the output of the "Server:" header, added by Jetty and by Fuseki.

Should we omit the header?
Have the system name but not the version?
Keep the information anyway?

Making it some kind of configuration feature is difficult because of the variety of environments Fuseki runs in (standalone or from a war file). Because of that, initialization happens quite late and the only current server configuration is about the general Jena environment.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)