You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jena.apache.org by "Andy Seaborne (JIRA)" <ji...@apache.org> on 2016/01/31 17:55:39 UTC

[jira] [Resolved] (JENA-1125) Suppress output of "Server:" with version information.

     [ https://issues.apache.org/jira/browse/JENA-1125?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andy Seaborne resolved JENA-1125.
---------------------------------
    Resolution: Fixed

> Suppress output of "Server:" with version information.
> ------------------------------------------------------
>
>                 Key: JENA-1125
>                 URL: https://issues.apache.org/jira/browse/JENA-1125
>             Project: Apache Jena
>          Issue Type: Improvement
>          Components: Fuseki
>            Reporter: Andy Seaborne
>            Assignee: Andy Seaborne
>            Priority: Minor
>             Fix For: Fuseki 2.4.0
>
>
> Security reports sometimes worry about revealing version information , despite this being open source where every detail is available anyway.
> We could suppress or modify the output of the "Server:" header, added by Jetty and by Fuseki.
> Should we omit the header?
> Have the system name but not the version?
> Keep the information anyway?
> Making it some kind of configuration feature is difficult because of the variety of environments Fuseki runs in (standalone or from a war file). Because of that, initialization happens quite late and the only current server configuration is about the general Jena environment.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)