Remove kbn-version from the response headers #20573
Assignees
Labels
Team:Security
Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Comments
kobelb
added
the
Team:Security
|
We've gone ahead with this change, as the response header isn't currently used for anything. |
|
A customer is asking when would be this change applied. They have a very strict security policy, and they need to know more or less the date when this change is gonna be available. |
|
@Erni this change will be in 6.4 |
|
Thank you very much @kobelb I will inform the customer right now. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Today Kibana has a header called kbn-version that returns the version of Kibana.
This is often flagged by automated security scanners as disclosing too much information. While we do not consider this a security problem, and removing it doesn't increase security, it will cut down on the false positive rate from automated scanners.
The PR for this change can be found here
#20551
The text was updated successfully, but these errors were encountered: