Uploaded image for project: 'Apache Knox'
  1. Apache Knox
  2. KNOX-2285

Change gateway.server.header.enabled default to false

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.4.0
    • Server
    • None

    Description

      KNOX-932 added gateway.server.header.enabled with the default set to true. Its been ~2 years and many security scanners are reporting issues if servers report internal versions.

      We should set the default of gateway.server.header.enabled to false to prevent this information from leaking.

      Attachments

        Issue Links

          relates to

          Improvement - An improvement or enhancement to an existing feature or task. KNOX-932 Option to remove the server-name from HTTP-header response

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. KNOX-2257 Documentation for KNOX-932 / KNOX-2285 gateway.server.header.enabled

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #286

          Activity

            People

              krisden Kevin Risden
              krisden Kevin Risden
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 20m
                  20m