Ruby version is showing up in Webrick Headers, and we need to edit that for security reason #98
Comments
|
|
|
Can we also ensure this info is not displayed in future versions |
|
The configuration option for this header is named ServerSoftware. Hope this helps! Also, the code says: Lines 20 to 21 in 3515081 |
|
Closing as this is not a bug. Showing versions of software is not a security issue, and hiding versions of software is not a security fix. For questions regarding WEBrick, please open a Discussion instead of an Issue. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We have installed omsagent on server, which also install ruby : https://github.com/microsoft/OMS-Agent-for-Linux
If we curl ruby port localhost:25324, we can see ruby version in the output:
If the ruby version is displayed then it can lead to security concerns as it is regularly getting flagged in their pentest.
So you would like to check if it is possible to hide the ruby version information.
As per our research we might need to modify webrick configurations but we cannot find the same in terms of omsagent.
The text was updated successfully, but these errors were encountered: