Security - Hide javascript version numbers

Nextcloud version: 19
Operating system and version: 20.04
nginx version : 1.18.0
PHP version: 7.4.3

The issue you are facing:

Hello,

I would like to hide the version numbers of the “Javascript Frameworks”, “Javascript libraries” and “Javascript graphics” software highlighted in yellow in the screenshot below.

I searched on the internet how to do it but I couldn’t find it.

I would like to hide these version numbers because with this kind of information, an attacker could easily find a vulnerability related to the current version.

I currently have very little knowledge of JavaScript.

Thanks for your help,
Best regards

How do they determine the version? Directly a version string in the comment or do they check specific parts that have changed? If it is the latter, it will be difficult.

The problem is that if we hide it, it will be hidden from developers as well, and keeping this stuff updated will be more complicated. If in doubt, an attacker can just try the attack and see whether you have the vulnerable version. Security by obscurity…

Hello,

Sorry for the delay in responding.

To see the version numbers, I use Wappalyzer (https://github.com/AliasIO/Wappalyzer).

This module uses regex to find the version numbers. All regex can be found here: https://github.com/AliasIO/Wappalyzer/blob/master/src/apps.json

Is it possible to hide this information by not matching the regex anymore?

Sure, it’s open source and you can change it. But it is also open source, so it shouldn’t be difficult for an attacker to figure it out. So it doesn’t really increase your security.

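As an added illustration of the regex matching discussed in this thread (not code from any poster or from Wappalyzer): a simplified matcher for patterns in the `regex\;version:\1` style, run over two constructed pages to audit which version strings your own site discloses. The pattern strings, `ExampleLib`, the file paths and the function names are assumptions made for the example.

```javascript
// Added example: simplified regex fingerprinting. The patterns are constructed
// for illustration and are not copied from Wappalyzer's apps.json.
const FINGERPRINTS = {
  // "<regex>\;version:\1" : capture group 1 becomes the reported version
  jQuery: "jquery[.-]([\\d.]*\\d)[^/]*\\.js\\;version:\\1",
  ExampleLib: "ExampleLib(?: v(\\d+\\.\\d+\\.\\d+))?\\;version:\\1",
};

// Split a pattern string into its regex and its optional version template.
function parsePattern(pattern) {
  const [source, ...tags] = pattern.split("\\;");
  const versionTag = tags.find((t) => t.startsWith("version:"));
  return {
    regex: new RegExp(source, "i"),
    versionTemplate: versionTag ? versionTag.slice("version:".length) : null,
  };
}

// Report every library whose pattern matches the page, with the version
// the match discloses (null when only the name is recoverable).
function auditDisclosure(html, fingerprints = FINGERPRINTS) {
  const findings = [];
  for (const [name, pattern] of Object.entries(fingerprints)) {
    const { regex, versionTemplate } = parsePattern(pattern);
    const match = regex.exec(html);
    if (!match) continue;
    const version = versionTemplate
      ? versionTemplate.replace(/\\(\d)/g, (_, i) => match[Number(i)] || "")
      : "";
    findings.push({ name, version: version || null });
  }
  return findings;
}

// Constructed sample pages (not taken from a real Nextcloud install).
const PAGE_WITH_VERSIONS = `
<script src="/core/vendor/jquery-3.5.1.min.js"></script>
<script>/*! ExampleLib v2.4.0 */ window.ExampleLib = {};</script>`;

const PAGE_STRIPPED = `
<script src="/core/vendor/bundle.a1b2c3.js"></script>
<script>window.ExampleLib = {};</script>`;

console.log(auditDisclosure(PAGE_WITH_VERSIONS));
console.log(auditDisclosure(PAGE_STRIPPED));
```

On the second page the version no longer appears in a file name or banner comment, so no version is reported, but `ExampleLib` is still identified by name from the code that remains.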