You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jena.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2016/01/29 14:13:40 UTC

[jira] [Commented] (JENA-1125) Suppress output of "Server:" with version information.

    [ https://issues.apache.org/jira/browse/JENA-1125?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15123457#comment-15123457 ] 

ASF subversion and git services commented on JENA-1125:
-------------------------------------------------------

Commit c87a5d17df03d65bd8524aeaf38bafd360267532 in jena's branch refs/heads/master from [~andy.seaborne]
[ https://git-wip-us.apache.org/repos/asf?p=jena.git;h=c87a5d1 ]

JENA-1125: Don't print version information when a "released" server.

> Suppress output of "Server:" with version information.
> ------------------------------------------------------
>
>                 Key: JENA-1125
>                 URL: https://issues.apache.org/jira/browse/JENA-1125
>             Project: Apache Jena
>          Issue Type: Improvement
>          Components: Fuseki
>            Reporter: Andy Seaborne
>            Assignee: Andy Seaborne
>            Priority: Minor
>             Fix For: Fuseki 2.4.0
>
>
> Security reports sometimes worry about revealing version information , despite this being open source where every detail is available anyway.
> We could suppress or modify the output of the "Server:" header, added by Jetty and by Fuseki.
> Should we omit the header?
> Have the system name but not the version?
> Keep the information anyway?
> Making it some kind of configuration feature is difficult because of the variety of environments Fuseki runs in (standalone or from a war file). Because of that, initialization happens quite late and the only current server configuration is about the general Jena environment.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)