Blocking Server Version Disclosure

Showing results for 
Search instead for 
Did you mean: 
Member II

Blocking Server Version Disclosure

Hi All, We are using Community Edition 5.2. Our security auditor asked to stop disclosing the version information. Attached is the screenshot. Request for support.

1 Reply

Re: Blocking Server Version Disclosure

This should be an easy customization. This kind of message is provided by a status template only used for non-default / non-success messages. They exist for JSON and HTML formats, and you should be able to override them via the alfresco/extension/templates/webscripts path. The documentation is a bit scarce on status response templates as these are often not customised since the default is pretty reasonable. As the documentation states, the default template is simply called status.ftl, and you can provide status code specific templates as <code>.ftl. Within the web script packages, i.e. alfresco/extension/templates/webscripts/org/aflresco for the default Alfresco web scripts, you can provide even more granular templates, combining status code and/or response formats via <format>.<code>.ftl or simply <format>.status.ftl