Hiding the Jira version number from page markup

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.

Problem

Jira shows the application version number in various places, both visible on the page and hidden in the underlying HTML markup.

This may be a concern if you do not wish to have the version number of your instance shown.

Solution outcome

  • Remove the version number from the Jira footer:

    Atlassian Jira Project Management Software (v7.13.11#713011-sha1:b4933e0)
  • Remove the version number inserted page header element

    <meta name="ajs-version-number" content="7.13.11">
    <meta name="ajs-build-number" content="713011">
  • Remove the version number in page body element data-version:

    <body id="jira" class="aui-layout aui-theme-default page-type-dashboard" data-version="7.13.11" data-aui-version="7.13.0">

Workaround

The steps in this KB article involve editing Jira source code files, and as such are considered to be customization. They are provided on an as-is basis only and are not supported by Atlassian.

We recommend backing up any files modified so that the changes can be rolled back if something goes wrong. After following the steps in this KB, Jira should be tested afterwards to ensure there are no unintended effects on the application.

Limitations of this workaround include:

  1. This workaround does not prevent your system from being fingerprinted in other ways.

  2. This workaround will need to be re-applied each time you upgrade Jira. It may not work or may need to be adjusted for future versions of Jira. Atlassian does not guarantee it will work for future versions

  3. This workaround does not hide the build number from static caches assets, for example

    <link rel="shortcut icon" href="/s/-xz3veb/713011/7aff4cd5e4b16e3f7ba7202ed02129c6/_/jira-favicon-hires.png">
  4. This workaround does not include hiding other version number occurrence not listed in Solution outcome. Other known areas include:
    JRASERVER-70987 - Getting issue details... STATUS



Step 1 - Disable JSP servlet mapping

We need to disable servlet mapping on certain JSP pages so that our changes will take effect.

  1. In a text editor, edit the file JIRA_INSTALL/atlassian-jira/WEB-INF/web.xml

  2. Comment out the following code blocks by wrapping them with <!-- --> tags

<!--     <servlet>
        <servlet-name>jsp.includes.loginform_jsp</servlet-name>
        <servlet-class>jsp.includes.loginform_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.includes.loginpage_jsp</servlet-name>
        <servlet-class>jsp.includes.loginpage_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.includes.decorators.global_002dtranslations_jsp</servlet-name>
        <servlet-class>jsp.includes.decorators.global_002dtranslations_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.head_002dcommon_002dnodecorator_002dpre_jsp</servlet-name>
        <servlet-class>jsp.includes.decorators.aui_002dlayout.head_002dcommon_002dnodecorator_002dpre_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.footer_jsp</servlet-name>
        <servlet-class>jsp.includes.decorators.aui_002dlayout.footer_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.header_jsp</servlet-name>
        <servlet-class>jsp.includes.decorators.aui_002dlayout.header_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.header_002dnodecorator_jsp</servlet-name>
        <servlet-class>jsp.includes.decorators.aui_002dlayout.header_002dnodecorator_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.head_002dcommon_002dnodecorator_002dpost_jsp</servlet-name>
        <servlet-class>jsp.includes.decorators.aui_002dlayout.head_002dcommon_002dnodecorator_002dpost_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.head_002dcommon_jsp</servlet-name>
        <servlet-class>jsp.includes.decorators.aui_002dlayout.head_002dcommon_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.decorators.general_002dhead_002dpost_jsp</servlet-name>
        <servlet-class>jsp.decorators.general_002dhead_002dpost_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.decorators.general_002dbody_002dpost_jsp</servlet-name>
        <servlet-class>jsp.decorators.general_002dbody_002dpost_jsp</servlet-class>
    </servlet> -->
    <!--<servlet>
        <servlet-name>jsp.decorators.general_002dhead_002dpre_jsp</servlet-name>
        <servlet-class>jsp.decorators.general_002dhead_002dpre_jsp</servlet-class>
    </servlet>-->
<!--     <servlet>
        <servlet-name>jsp.decorators.login_jsp</servlet-name>
        <servlet-class>jsp.decorators.login_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.decorators.general_002dbody_002dpre_jsp</servlet-name>
        <servlet-class>jsp.decorators.general_002dbody_002dpre_jsp</servlet-class>
    </servlet> -->
    <!--<servlet>
        <servlet-name>jsp.decorators.general_jsp</servlet-name>
        <servlet-class>jsp.decorators.general_jsp</servlet-class>
    </servlet>-->
<!--     <servlet-mapping>
        <servlet-name>jsp.includes.loginform_jsp</servlet-name>
        <url-pattern>/includes/loginform.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.includes.loginpage_jsp</servlet-name>
        <url-pattern>/includes/loginpage.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.includes.decorators.global_002dtranslations_jsp</servlet-name>
        <url-pattern>/includes/decorators/global-translations.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.head_002dcommon_002dnodecorator_002dpre_jsp</servlet-name>
        <url-pattern>/includes/decorators/aui-layout/head-common-nodecorator-pre.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.footer_jsp</servlet-name>
        <url-pattern>/includes/decorators/aui-layout/footer.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.header_jsp</servlet-name>
        <url-pattern>/includes/decorators/aui-layout/header.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.header_002dnodecorator_jsp</servlet-name>
        <url-pattern>/includes/decorators/aui-layout/header-nodecorator.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.head_002dcommon_002dnodecorator_002dpost_jsp</servlet-name>
        <url-pattern>/includes/decorators/aui-layout/head-common-nodecorator-post.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.head_002dcommon_jsp</servlet-name>
        <url-pattern>/includes/decorators/aui-layout/head-common.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.decorators.general_002dhead_002dpost_jsp</servlet-name>
        <url-pattern>/decorators/general-head-post.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.decorators.general_002dbody_002dpost_jsp</servlet-name>
        <url-pattern>/decorators/general-body-post.jsp</url-pattern>
    </servlet-mapping> -->
    <!--<servlet-mapping>
        <servlet-name>jsp.decorators.general_002dhead_002dpre_jsp</servlet-name>
        <url-pattern>/decorators/general-head-pre.jsp</url-pattern>
    </servlet-mapping>-->
<!--     <servlet-mapping>
        <servlet-name>jsp.decorators.login_jsp</servlet-name>
        <url-pattern>/decorators/login.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.decorators.general_002dbody_002dpre_jsp</servlet-name>
        <url-pattern>/decorators/general-body-pre.jsp</url-pattern>
    </servlet-mapping> -->
    <!--<servlet-mapping>
        <servlet-name>jsp.decorators.general_jsp</servlet-name>
        <url-pattern>/decorators/general.jsp</url-pattern>
    </servlet-mapping>-->

Step 2 - Remove versioning from template files

<JIRA_INSTALL>/atlassian-jira/decorators/login.jsp

  1. Change the line

    <%@ include file="/includes/decorators/aui-layout/head-common.jsp" %>

    to

    <%@ include file="/includes/decorators/aui-layout/head-common-noversion.jsp" %>
  2. Delete the following text from the <body> element:

    <%= ComponentAccessor.getComponent(ProductVersionDataBeanProvider.class).get().getBodyHtmlAttributes() %>

<JIRA_INSTALL>/atlassian-jira/includes/decorators/global-translations.jsp

  1. Delete the following <input> line:

    <input type="hidden" title="JiraVersion" value="<%= ComponentAccessor.getComponent(BuildUtilsInfo.class).getVersion() %>" />

Step 3 - Setup a new login page template

  1. Make a copy of the <JIRA_INSTALL>/atlassian-jira/includes/decorators/aui-layout/head-common.jsp file and name it head-common-noversion.jsp

  2. Open head-common-noversion.jsp in a text editor

  3. Remove the following lines:

    headerFooterRendering.includeVersionMetaTags(out);
    headerFooterRendering.requireCommonMetadata();
    headerFooterRendering.includeMetadata(out);

Step 4 - Remove the Jira footer

  1. Go to <JIRA_INSTALL>/atlassian-jira/WEB-INF/classes/templates/plugins/footer directory

  2. Modify the footer.vm file

  3. Remove the following line:

    <span id="footer-build-information">(v${buildVersion}#${buildNumber}${formattedCommitId}$!{formattedNodeId}${formattedPartnerName})</span>

Step 5 - Redirect the dashboard to login page

The dark feature public.access.disabled achieves the same thing, so this step is not required if you have the dark feature set

The system dashboard typically is available to unauthenticated users. This needs to be redirected to Jira’s normal login page:

  1. Edit the file JIRA_INSTALL/atlassian-jira/WEB-INF/classes/actions.xml

  2. Find 

    <action name="Dashboard">

    and change it to

    <action name="Dashboard" roles-required="use">

Step 6 - Finishing up

  1. Stop Jira

  2. Clear the contents of JIRA_INSTALL/work directory

  3. Start Jira

  4. Test and check that the workaround is in place and working well. It is recommended that you test all areas of Jira to ensure that there are no unintended effects



DescriptionHide version number from Jira markup
ProductJira




Last modified on Jun 8, 2021

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.