My guess is that it was meant as a nice gesture but devs didnât really think things through and also communicated it badly.
But shouldnât we usually take steps to ensure that the version information of our web stack is concealed, as far as possible? I thought this was good practice.
It seems at the very least like something that should be opt-inâŚ
AFAIK certain services that use the API depend on it. Also I donât think it really changes anything, most automated attacks donât care about that and just brute force all the vulnerabilities ranging from newest to oldest.