You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@atlas.apache.org by "Sidharth Kumar Mishra (Jira)" <ji...@apache.org> on 2021/07/08 22:13:00 UTC

[jira] [Created] (ATLAS-4350) Atlas - Jetty Version disclosure in http response

Sidharth Kumar Mishra created ATLAS-4350:
--------------------------------------------

             Summary: Atlas - Jetty Version disclosure in http response
                 Key: ATLAS-4350
                 URL: https://issues.apache.org/jira/browse/ATLAS-4350
             Project: Atlas
          Issue Type: Bug
            Reporter: Sidharth Kumar Mishra
            Assignee: Sidharth Kumar Mishra


Atlas reveals netty version in http response 
{code:java}
GET https://atlas.host:8443/gateway/cdp-proxy/atlas/js/utils/Overrides.js?bust=1601951148602
{code}
{code:java}
HTTP/1.1 200 OK
Connection: close
Date: Wed, 03 Feb 2021 14:24:28 GMT
Connection: close
Last-Modified: Tue, 06 Oct 2020 04:13:55 GMT Content-Type: application/javascript Accept-Ranges: bytes
Server: Jetty(9.4.26.v20200117)
Content-Length: 8186
{code}
 *Recommendation:* Remove the version information from the http response header. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)