I think that full version number is important and we will gain no extra security by hiding it by default, just more pain when debugging. You always have an option to disable the headers yourself, if you think it will gain you any extra security.
** Bug watch added: Debian Bug tracker #582204 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582204 ** Also affects: php5 (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582204 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1002443 Title: php5-fpm exposes full ubuntu package version in headers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1002443/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs