Jira 8 is showing Plugins and Jira version in about page even without authentication.
https://jira.x.com/secure/Dashboard.jspa which could lead to attack information gathering specially for all the plugins deployed
If you're worried about a page showing specific versions of software, you are worrying about the wrong thing. What difference does it make that an attacker knows you have (or not) a vulnerable version?
Imagine you have software with versions 82.1, 82.2 and 82.3. 82.2 has a security flaw. An attacker has a look at your system. If you announce the version, they know whether you are vulnerable or not. If you do not announce it, they try the attack anyway. For most attacks, trying an exploit is not much slower than reading the page to try to decide whether to bother.
Background When you hear the words ‘Release notes’, almost always you think of an unsolicited email from a software vendor. But I am here to tell you that from our data, sending release notes via E...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events