How to Hide Version Information on Confluence

関連コンテンツ

  • 関連コンテンツがありません

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Fisheye および Crucible は除く

要約

If unauthenticated, one can access Confluence's landing page and retrieve version information from the following places:

  • Login page footer.
  • Response Head AJS Tags.
  • Response Body What's New Link.
  • Response Body Confluence Help Link.
  • About Confluence Link

Someone without good intentions could use this information to search for possible security vulnerabilities over the internet and hack Confluence. Therefore, if in a public facing instance, hiding these pieces of information can become a requirement for administrators. This knowledge base shows how to do that.

環境

  • Confluence Server, regardless of the version.
  • Confluence Data Center, regardless of the version.

診断

  • Example from Login page footer:
  • From the Head Element at Confluence-Base-URL/login.action:

  • From the Body Element at Confluence-Base-URL/login.action:

  • From the Body Element at Confluence-Base-URL/login.action:

原因

  • This is an expected behaviour.

回避策

Using VIM is the easiest way to modify the needed files inside the .JAR Files without extracting its contents. If VIM is not available because of any given reason, one can edit the needed files by following the instructions listed in How to edit files in Confluence JAR files.


  1. Confluence を停止します。

  2. Browse to the following path:

    Confluence-Installation-Directory/confluence/WEB-INF/atlassian-bundled-plugins

  3. VIM to the following JAR:

    vim confluence-whats-new-<confluence-version>.jar

  4. Edit atlassian-plugin.xml

  5. Look for the following:

    <link linkId="whats-new-menu-link">$whatsnewFullLink</link>

  6. As a workaround, change it to the following:

    <link linkId="whats-new-menu-link">"http://www.atlassian.com"</link>

  7. Save changes.

  8. Quit VIM.

  9. Confluence を再起動します。

  10. The element will look like below:

    <a  id="whats-new-menu-link" href="/confluence"http://www.atlassian.com"" class="    "      title="" >
        What’s new
</a>

Changing the AJS Parameters

  1. Confluence を停止します。

  2. Browse to the following path:

    Confluence-Installation-Directory/confluence/decorators/includes
  3. VIM to header.vm

  4. Look for the following properties:

    #putMetadata('version-number', $generalUtil.versionNumber)
#putMetadata('build-number', $generalUtil.buildNumber)

  5. As a workaround, change it to the following:

    #putMetadata('version-number', '99')
#putMetadata('build-number', '99')
  6. Save changes.
  7. Quit VIM.
  8. Confluence を再起動します。

  9. Instead of looking like below:

    <meta name="ajs-version-number" content="6.13.4">
<meta name="ajs-build-number" content="7901">

  10. You should see the following in the headers instead:

    <meta name="ajs-version-number" '99'>
<meta name="ajs-build-number" '99'>

(warning) PS: avoid using values lower than 5 for "ajs-version-number" as it can break the Source Editor:

Changing the Footer Version

  1. Confluence を停止します。

  2. Browse to the following path:

    Confluence-Installation-Directory/confluence/decorators/includes
  3. VIM to footer-content.vm

  4. Look for the following property:

    <span id='footer-build-information'>$generalUtil.versionNumber</span>

  5. As a workaround, change it to the following:

    <span id='footer-build-information'></span>

  6. Look for the following property and remove it:

    <li class="print-only">$action.getText('printed.by.atlassian.confluence.footer',["$generalUtil.versionNumber"])</li>
  7. Save changes.
  8. Quit VIM.
  9. Confluence を再起動します。
  10. Footer should no longer display the application version on it.
  1. Confluence を停止します。

  2. Browse to the following path:

    Confluence-Installation-Directory/confluence/WEB-INF/lib


  3. VIM to the following JAR:

    vim confluence-6.13.4.jar


  4. Look for /plugins/global-help-sections.xml and edit it.

  5. Look for the following line:

    <link linkId="confluence-help-link">$docBean.getLink("help.online.help")</link>


  6. Change it to below:

    <link linkId="confluence-help-link">"http://www.atlassian.com"</link>


  7. Save changes.
  8. Quit VIM.
  9. Confluence を再起動します。
  1. Confluence を停止します。

  2. Browse to the following path:

    Confluence-Installation-Directory/confluence/about


  3. VIM to the following JAR:

    vim about-page-content.vm


  4. Remove following line

    <h3>$i18n.getText('aboutpage.version', $versionNumber)</h3>


  5. Save changes.
  6. Quit VIM.
  7. Confluence を再起動します。

その他

There's a feature request in place that aims for a feature where administrators could toggle displaying version information on/off:





最終更新日 2023 年 4 月 28 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する

関連コンテンツ

  • 関連コンテンツがありません
Powered by Confluence and Scroll Viewport.