[
https://issues.apache.org/jira/browse/SOLR-17727?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17941829#comment-17941829
]
Jan Høydahl commented on SOLR-17727:
------------------------------------
Some security audit firms will file a warning for servers on the network that
advertise their name and version. Apparently since it gives valuable
information to attackers on what vunerabilities it contains. While I think such
concerns are more valid for user-facing services than for backend services like
Solr, it is something to consider, i.e. by making it configurable.
> The "Server" HTTP header should return Solr's version
> -----------------------------------------------------
>
> Key: SOLR-17727
> URL: https://issues.apache.org/jira/browse/SOLR-17727
> Project: Solr
> Issue Type: Improvement
> Reporter: David Smiley
> Priority: Minor
> Labels: newdev
>
> Solr doesn't return the
> "[Server|https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Server]";
> HTTP response header yet but it would be potentially helpful if it did +with
> Solr's version+. It would be of potential use by the recipient; perhaps to
> tweak its interpretation of the response format. It's hard to know in
> advance.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
