How to Hide Version Information on Confluence

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

If unauthenticated, one can access Confluence's landing page and retrieve version information from the following places:

  • Login page footer.
  • Response Head AJS Tags.
  • Response Body What's New Link.
  • Response Body Confluence Help Link.
  • About Confluence Link

Someone without good intentions could use this information to search for possible security vulnerabilities over the internet and hack Confluence. Therefore, if in a public facing instance, hiding these pieces of information can become a requirement for administrators. This knowledge base shows how to do that.

Environment

  • Confluence Server, regardless of the version.
  • Confluence Data Center, regardless of the version.

Diagnosis

  • Example from Login page footer:
  • From the Head Element at Confluence-Base-URL/login.action:

  • From the Body Element at Confluence-Base-URL/login.action:

  • From the Body Element at Confluence-Base-URL/login.action:

Cause

  • This is an expected behaviour.

Workaround

Using VIM is the easiest way to modify the needed files inside the .JAR Files without extracting its contents. If VIM is not available because of any given reason, one can edit the needed files by following the instructions listed in How to edit files in Confluence JAR files.


  1. Stop Confluence.
  2. Browse to the following path:

    Confluence-Installation-Directory/confluence/WEB-INF/atlassian-bundled-plugins
  3. VIM to the following JAR:

    vim confluence-whats-new-<confluence-version>.jar
  4. Edit atlassian-plugin.xml

  5. Look for the following:

    <link linkId="whats-new-menu-link">$whatsnewFullLink</link>
  6. As a workaround, change it to the following:

    <link linkId="whats-new-menu-link">"http://www.atlassian.com"</link>
  7. Save changes.

  8. Quit VIM.

  9. Restart Confluence.

  10. The element will look like below:

    <a  id="whats-new-menu-link" href="/confluence"http://www.atlassian.com"" class="    "      title="" >
            What’s new
    </a>

Changing the AJS Parameters

  1. Stop Confluence.
  2. Browse to the following path:

    Confluence-Installation-Directory/confluence/decorators/includes
  3. VIM to header.vm
  4. Look for the following properties:

    #putMetadata('version-number', $generalUtil.versionNumber)
    #putMetadata('build-number', $generalUtil.buildNumber)
  5. As a workaround, change it to the following:

    #putMetadata('version-number', '99')
    #putMetadata('build-number', '99')
  6. Save changes.
  7. Quit VIM.
  8. Restart Confluence.
  9. Instead of looking like below:

    <meta name="ajs-version-number" content="6.13.4">
    <meta name="ajs-build-number" content="7901">
  10. You should see the following in the headers instead:

    <meta name="ajs-version-number" '99'>
    <meta name="ajs-build-number" '99'>

(warning) PS: avoid using values lower than 5 for "ajs-version-number" as it can break the Source Editor:

Changing the Footer Version

  1. Stop Confluence.
  2. Browse to the following path:

    Confluence-Installation-Directory/confluence/decorators/includes
  3. VIM to footer-content.vm
  4. Look for the following property:

    <span id='footer-build-information'>$generalUtil.versionNumber</span>
  5. As a workaround, change it to the following:

    <span id='footer-build-information'></span>
    
    
  6. Look for the following property and remove it:

    <li class="print-only">$action.getText('printed.by.atlassian.confluence.footer',["$generalUtil.versionNumber"])</li>
  7. Save changes.
  8. Quit VIM.
  9. Restart Confluence.
  10. Footer should no longer display the application version on it.
  1. Stop Confluence.
  2. Browse to the following path:

    Confluence-Installation-Directory/confluence/WEB-INF/lib


  3. VIM to the following JAR:

    vim confluence-6.13.4.jar


  4. Look for /plugins/global-help-sections.xml and edit it.
  5. Look for the following line:

    <link linkId="confluence-help-link">$docBean.getLink("help.online.help")</link>


  6. Change it to below:

    <link linkId="confluence-help-link">"http://www.atlassian.com"</link>


  7. Save changes.
  8. Quit VIM.
  9. Restart Confluence.
  1. Stop Confluence.
  2. Browse to the following path:

    Confluence-Installation-Directory/confluence/about


  3. VIM to the following JAR:

    vim about-page-content.vm


  4. Remove following line

    <h3>$i18n.getText('aboutpage.version', $versionNumber)</h3>


  5. Save changes.
  6. Quit VIM.
  7. Restart Confluence.

Other Notes

There's a feature request in place that aims for a feature where administrators could toggle displaying version information on/off:





Last modified on Apr 28, 2023

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.