Arina Ielchiieva created DRILL-7367: ---------------------------------------
Summary: Remove Server details from response headers Key: DRILL-7367 URL: https://issues.apache.org/jira/browse/DRILL-7367 Project: Apache Drill Issue Type: Bug Affects Versions: 1.16.0 Reporter: Arina Ielchiieva Assignee: Arina Ielchiieva Fix For: 1.17.0 Drill response headers include Server information which is considered to be a vulnerability. {noformat} curl http://localhost:8047/cluster.json -v -k * Trying ::1... * TCP_NODELAY set * Connected to localhost (::1) port 8047 (#0) > GET /cluster.json HTTP/1.1 > Host: localhost:8047 > User-Agent: curl/7.54.0 > Accept: */* > < HTTP/1.1 200 OK < Date: Thu, 05 Sep 2019 12:47:53 GMT < Content-Type: application/json < Content-Length: 436 < Server: Jetty(9.3.25.v20180904) {noformat} https://pentest-tools.com/blog/essential-http-security-headers/ -- This message was sent by Atlassian Jira (v8.3.2#803003)