My guess is that it was meant as a nice gesture but devs didnāt really think things through and also communicated it badly.
But shouldnāt we usually take steps to ensure that the version information of our web stack is concealed, as far as possible? I thought this was good practice.
It seems at the very least like something that should be opt-inā¦
AFAIK certain services that use the API depend on it. Also I donāt think it really changes anything, most automated attacks donāt care about that and just brute force all the vulnerabilities ranging from newest to oldest.