[ https://issues.apache.org/jira/browse/CALCITE-6280?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alessandro Solimando reopened CALCITE-6280: ------------------------------------------- > Jetty version number leaked by Avatica http server > -------------------------------------------------- > > Key: CALCITE-6280 > URL: https://issues.apache.org/jira/browse/CALCITE-6280 > Project: Calcite > Issue Type: Bug > Components: avatica > Affects Versions: 1.24.0 > Reporter: Vaibhav Joshi > Assignee: Vaibhav Joshi > Priority: Minor > Labels: pull-request-available > Fix For: 1.25.0 > > Time Spent: 1h 10m > Remaining Estimate: 0h > > Unauthorised access to HTTP server using curl returns the Jerry server > version. See sample response below > {code:java} > <html> > <head> > <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/> > <title>Error 401 Unauthorized</title> > </head> > <body><h2>HTTP ERROR 401 Unauthorized</h2> > <table> > <tr><th>URI:</th><td>/</td></tr> > <tr><th>STATUS:</th><td>401</td></tr> > <tr><th>MESSAGE:</th><td>Unauthorized</td></tr> > <tr><th>SERVLET:</th><td>-</td></tr> > </table> > <hr/><a href="https://eclipse.org/jetty">Powered by Jetty:// > 9.4.44.v20210927</a><hr/> > </body> > </html> {code} > > For security reason, it's not advisable to return server version in the > response. > -- This message was sent by Atlassian Jira (v8.20.10#820010)