How to Hide Version Information on Confluence
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
If unauthenticated, one can access Confluence's landing page and retrieve version information from the following places:
- Login page footer.
- Response Head AJS Tags.
- Response Body What's New Link.
- Response Body Confluence Help Link.
- About Confluence Link
Someone without good intentions could use this information to search for possible security vulnerabilities over the internet and hack Confluence. Therefore, if in a public facing instance, hiding these pieces of information can become a requirement for administrators. This knowledge base shows how to do that.
Environment
- Confluence Server, regardless of the version.
- Confluence Data Center, regardless of the version.
Diagnosis
- Example from Login page footer:
- From the Head Element at Confluence-Base-URL/login.action:
- From the Body Element at Confluence-Base-URL/login.action:
- From the Body Element at Confluence-Base-URL/login.action:
Cause
- This is an expected behaviour.
Workaround
Using VIM is the easiest way to modify the needed files inside the .JAR Files without extracting its contents. If VIM is not available because of any given reason, one can edit the needed files by following the instructions listed in How to edit files in Confluence JAR files.
Changing the Whats New Link
- Stop Confluence.
Browse to the following path:
Confluence-Installation-Directory/confluence/WEB-INF/atlassian-bundled-plugins
VIM to the following JAR:
vim confluence-whats-new-<confluence-version>.jar
Edit atlassian-plugin.xml
Look for the following:
<link linkId="whats-new-menu-link">$whatsnewFullLink</link>
As a workaround, change it to the following:
<link linkId="whats-new-menu-link">"http://www.atlassian.com"</link>
Save changes.
Quit VIM.
Restart Confluence.
The element will look like below:
<a id="whats-new-menu-link" href="/confluence"http://www.atlassian.com"" class=" " title="" > What’s new </a>
Changing the AJS Parameters
- Stop Confluence.
Browse to the following path:
Confluence-Installation-Directory/confluence/decorators/includes
- VIM to header.vm
Look for the following properties:
#putMetadata('version-number', $generalUtil.versionNumber) #putMetadata('build-number', $generalUtil.buildNumber)
As a workaround, change it to the following:
#putMetadata('version-number', '99') #putMetadata('build-number', '99')
- Save changes.
- Quit VIM.
- Restart Confluence.
Instead of looking like below:
<meta name="ajs-version-number" content="6.13.4"> <meta name="ajs-build-number" content="7901">
You should see the following in the headers instead:
<meta name="ajs-version-number" '99'> <meta name="ajs-build-number" '99'>
PS: avoid using values lower than 5 for "ajs-version-number" as it can break the Source Editor:
Changing the Footer Version
- Stop Confluence.
Browse to the following path:
Confluence-Installation-Directory/confluence/decorators/includes
- VIM to footer-content.vm
Look for the following property:
<span id='footer-build-information'>$generalUtil.versionNumber</span>
As a workaround, change it to the following:
<span id='footer-build-information'></span>
Look for the following property and remove it:
<li class="print-only">$action.getText('printed.by.atlassian.confluence.footer',["$generalUtil.versionNumber"])</li>
- Save changes.
- Quit VIM.
- Restart Confluence.
- Footer should no longer display the application version on it.
Changing the Help Link
- Stop Confluence.
Browse to the following path:
Confluence-Installation-Directory/confluence/WEB-INF/lib
VIM to the following JAR:
vim confluence-6.13.4.jar
- Look for /plugins/global-help-sections.xml and edit it.
Look for the following line:
<link linkId="confluence-help-link">$docBean.getLink("help.online.help")</link>
Change it to below:
<link linkId="confluence-help-link">"http://www.atlassian.com"</link>
- Save changes.
- Quit VIM.
- Restart Confluence.
Changing the About Confluence Link
- Stop Confluence.
Browse to the following path:
Confluence-Installation-Directory/confluence/about
VIM to the following JAR:
vim about-page-content.vm
Remove following line
<h3>$i18n.getText('aboutpage.version', $versionNumber)</h3>
- Save changes.
- Quit VIM.
- Restart Confluence.
Other Notes
There's a feature request in place that aims for a feature where administrators could toggle displaying version information on/off: