himanshug commented on pull request #9832: URL: https://github.com/apache/druid/pull/9832#issuecomment-639178915
considering druid is open source, attacker can already see/find-out jetty version used, so It wouldn't really matter if that information is included in response header or not. if particular jetty version has a vulnerability then we should try to upgrade jetty itself to prevent attacker from exploiting that. or, did this change originate from another reason? ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
