Hiding the Jira version number from page markup

関連コンテンツ

  • 関連コンテンツがありません

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

プラットフォームについて: サーバーと Data Center のみ。この記事は、サーバーおよび Data Center プラットフォームのアトラシアン製品にのみ適用されます。

問題

Jira shows the application version number in various places, both visible on the page and hidden in the underlying HTML markup.

This may be a concern if you do not wish to have the version number of your instance shown.

回避策

The steps in this KB article involve editing Jira source code files, and as such are considered to be customization. They are provided on an as-is basis only and are not supported by Atlassian.

We recommend backing up any files modified so that the changes can be rolled back if something goes wrong. After following the steps in this KB, Jira should be tested afterwards to ensure there are no unintended effects on the application.

Workaround outcome

The workaround achieves the following outcomes

  • Remove the version number from the Jira footer:

    Atlassian Jira Project Management Software (v7.13.11#713011-sha1:b4933e0)

  • Remove the version number inserted page header element

    <meta name="ajs-version-number" content="7.13.11">
<meta name="ajs-build-number" content="713011">

  • Remove the version number in page body element data-version:

    <body id="jira" class="aui-layout aui-theme-default page-type-dashboard" data-version="7.13.11" data-aui-version="7.13.0">



Limitations of this workaround include:

  1. This workaround does not prevent your system's version from being fingerprinted in other ways

  2. This workaround will need to be re-applied each time you upgrade Jira. It was developed for version 7.13.11, and may need to be adjusted for future versions of Jira. Atlassian does not guarantee it will work at all for future versions

  3. This workaround does not include hiding other version number occurrences not listed in Workaround outcome. Other known areas include:

    1. Static caches asset build number, eg:

      <link rel="shortcut icon" href="/s/-xz3veb/713011/7aff4cd5e4b16e3f7ba7202ed02129c6/_/jira-favicon-hires.png">

    2. The <BaseURL>/secure/AboutPage.jspa page.

      The AboutPage.jspa in Jira can be accessed anonymously on the current versions of Jira.

      The above bug report will mitigate this for future versions, however, if you want to also hide the version number from this page, we'd need to completely block access to this page, by implementing the solution from How to block access to a specific URL at Tomcat.


      To do so, you may add the following code beneath the last </rule> tag (but before the </urlrewrite> line), on the '<Jira_Installation>/atlassian-jira/WEB-INF/urlrewrite.xml' file, save the changes and restart Jira.

      <rule>
	<from>AboutPage.jspa</from>
	<set type="status">403</set>
	<to>null</to>
</rule>

Step 1 - Disable JSP servlet mapping

We need to disable servlet mapping on certain JSP pages so that our changes will take effect.

  1. In a text editor, edit the file JIRA_INSTALL/atlassian-jira/WEB-INF/web.xml

  2. Comment out the following code blocks by wrapping them with <!-- --> tags

<!--     <servlet>
        <servlet-name>jsp.includes.loginform_jsp</servlet-name>
        <servlet-class>jsp.includes.loginform_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.includes.loginpage_jsp</servlet-name>
        <servlet-class>jsp.includes.loginpage_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.includes.decorators.global_002dtranslations_jsp</servlet-name>
        <servlet-class>jsp.includes.decorators.global_002dtranslations_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.head_002dcommon_002dnodecorator_002dpre_jsp</servlet-name>
        <servlet-class>jsp.includes.decorators.aui_002dlayout.head_002dcommon_002dnodecorator_002dpre_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.footer_jsp</servlet-name>
        <servlet-class>jsp.includes.decorators.aui_002dlayout.footer_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.header_jsp</servlet-name>
        <servlet-class>jsp.includes.decorators.aui_002dlayout.header_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.header_002dnodecorator_jsp</servlet-name>
        <servlet-class>jsp.includes.decorators.aui_002dlayout.header_002dnodecorator_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.head_002dcommon_002dnodecorator_002dpost_jsp</servlet-name>
        <servlet-class>jsp.includes.decorators.aui_002dlayout.head_002dcommon_002dnodecorator_002dpost_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.head_002dcommon_jsp</servlet-name>
        <servlet-class>jsp.includes.decorators.aui_002dlayout.head_002dcommon_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.decorators.general_002dhead_002dpost_jsp</servlet-name>
        <servlet-class>jsp.decorators.general_002dhead_002dpost_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.decorators.general_002dbody_002dpost_jsp</servlet-name>
        <servlet-class>jsp.decorators.general_002dbody_002dpost_jsp</servlet-class>
    </servlet> -->
    <!--<servlet>
        <servlet-name>jsp.decorators.general_002dhead_002dpre_jsp</servlet-name>
        <servlet-class>jsp.decorators.general_002dhead_002dpre_jsp</servlet-class>
    </servlet>-->
<!--     <servlet>
        <servlet-name>jsp.decorators.login_jsp</servlet-name>
        <servlet-class>jsp.decorators.login_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.decorators.general_002dbody_002dpre_jsp</servlet-name>
        <servlet-class>jsp.decorators.general_002dbody_002dpre_jsp</servlet-class>
    </servlet> -->
    <!--<servlet>
        <servlet-name>jsp.decorators.general_jsp</servlet-name>
        <servlet-class>jsp.decorators.general_jsp</servlet-class>
    </servlet>-->
<!--     <servlet-mapping>
        <servlet-name>jsp.includes.loginform_jsp</servlet-name>
        <url-pattern>/includes/loginform.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.includes.loginpage_jsp</servlet-name>
        <url-pattern>/includes/loginpage.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.includes.decorators.global_002dtranslations_jsp</servlet-name>
        <url-pattern>/includes/decorators/global-translations.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.head_002dcommon_002dnodecorator_002dpre_jsp</servlet-name>
        <url-pattern>/includes/decorators/aui-layout/head-common-nodecorator-pre.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.footer_jsp</servlet-name>
        <url-pattern>/includes/decorators/aui-layout/footer.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.header_jsp</servlet-name>
        <url-pattern>/includes/decorators/aui-layout/header.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.header_002dnodecorator_jsp</servlet-name>
        <url-pattern>/includes/decorators/aui-layout/header-nodecorator.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.head_002dcommon_002dnodecorator_002dpost_jsp</servlet-name>
        <url-pattern>/includes/decorators/aui-layout/head-common-nodecorator-post.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.head_002dcommon_jsp</servlet-name>
        <url-pattern>/includes/decorators/aui-layout/head-common.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.decorators.general_002dhead_002dpost_jsp</servlet-name>
        <url-pattern>/decorators/general-head-post.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.decorators.general_002dbody_002dpost_jsp</servlet-name>
        <url-pattern>/decorators/general-body-post.jsp</url-pattern>
    </servlet-mapping> -->
    <!--<servlet-mapping>
        <servlet-name>jsp.decorators.general_002dhead_002dpre_jsp</servlet-name>
        <url-pattern>/decorators/general-head-pre.jsp</url-pattern>
    </servlet-mapping>-->
<!--     <servlet-mapping>
        <servlet-name>jsp.decorators.login_jsp</servlet-name>
        <url-pattern>/decorators/login.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.decorators.general_002dbody_002dpre_jsp</servlet-name>
        <url-pattern>/decorators/general-body-pre.jsp</url-pattern>
    </servlet-mapping> -->
    <!--<servlet-mapping>
        <servlet-name>jsp.decorators.general_jsp</servlet-name>
        <url-pattern>/decorators/general.jsp</url-pattern>
    </servlet-mapping>-->

Step 2 - Remove versioning from template files

<JIRA_INSTALL>/atlassian-jira/decorators/login.jsp

  1. Change the line

    <%@ include file="/includes/decorators/aui-layout/head-common.jsp" %>

    to

    <%@ include file="/includes/decorators/aui-layout/head-common-noversion.jsp" %>

  2. Delete the following text from the <body> element:

    <%= ComponentAccessor.getComponent(ProductVersionDataBeanProvider.class).get().getBodyHtmlAttributes() %>

<JIRA_INSTALL>/atlassian-jira/includes/decorators/global-translations.jsp

  1. Delete the following <input> line:

    <input type="hidden" title="JiraVersion" value="<%= ComponentAccessor.getComponent(BuildUtilsInfo.class).getVersion() %>" />

Step 3 - Setup a new login page template

  1. Make a copy of the <JIRA_INSTALL>/atlassian-jira/includes/decorators/aui-layout/head-common.jsp file and name it head-common-noversion.jsp

  2. Open head-common-noversion.jsp in a text editor

  3. 以下の行を削除します。

    headerFooterRendering.includeVersionMetaTags(out);
headerFooterRendering.requireCommonMetadata();
headerFooterRendering.includeMetadata(out);

Step 4 - Remove the Jira footer

  1. Go to <JIRA_INSTALL>/atlassian-jira/WEB-INF/classes/templates/plugins/footer directory

  2. Modify the footer.vm file

  3. Remove the following line:

    <span id="footer-build-information">(v${buildVersion}#${buildNumber}${formattedCommitId}$!{formattedNodeId}${formattedPartnerName})</span>

Step 5 - Redirect the dashboard to login page

The dark feature public.access.disabled achieves the same thing, so this step is not required if you have the dark feature set

The system dashboard typically is available to unauthenticated users. This needs to be redirected to Jira’s normal login page:

  1. Edit the file JIRA_INSTALL/atlassian-jira/WEB-INF/classes/actions.xml

  2. Find 

    <action name="Dashboard">

    and change it to

    <action name="Dashboard" roles-required="use">

Step 6 - Finishing up

  1. Jira を停止します。

  2. Clear the contents of JIRA_INSTALL/work directory

  3. Jira の起動

  4. Test and check that the workaround is in place and working well. It is recommended that you test all areas of Jira to ensure that there are no unintended effects


説明Hide version number from Jira markup
製品Jira





最終更新日 2022 年 9 月 9 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する

関連コンテンツ

  • 関連コンテンツがありません
Powered by Confluence and Scroll Viewport.