Hiding the Jira version number from page markup

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

Jira shows the application version number in various places, both visible on the page and hidden in the underlying HTML markup.

This may be a concern if you do not wish to have the version number of your instance shown.

Workaround

The steps in this KB article involve editing Jira source code files, and as such are considered to be customization. They are provided on an as-is basis only and are not supported by Atlassian.

We recommend backing up any files modified so that the changes can be rolled back if something goes wrong. After following the steps in this KB, Jira should be tested afterwards to ensure there are no unintended effects on the application.

Workaround outcome

The workaround achieves the following outcomes

  • Remove the version number from the Jira footer:

    Atlassian Jira Project Management Software (v7.13.11#713011-sha1:b4933e0)

  • Remove the version number inserted page header element

    <meta name="ajs-version-number" content="7.13.11">
<meta name="ajs-build-number" content="713011">

  • Remove the version number in page body element data-version:

    <body id="jira" class="aui-layout aui-theme-default page-type-dashboard" data-version="7.13.11" data-aui-version="7.13.0">



Limitations of this workaround include:

  1. This workaround does not prevent your system's version from being fingerprinted in other ways

  2. This workaround will need to be re-applied each time you upgrade Jira. It was developed for version 7.13.11, and may need to be adjusted for future versions of Jira. Atlassian does not guarantee it will work at all for future versions

  3. This workaround does not include hiding other version number occurrences not listed in Workaround outcome. Other known areas include:

    1. Static caches asset build number, eg:

      <link rel="shortcut icon" href="/s/-xz3veb/713011/7aff4cd5e4b16e3f7ba7202ed02129c6/_/jira-favicon-hires.png">

    2. The <BaseURL>/secure/AboutPage.jspa page.

      The AboutPage.jspa in Jira can be accessed anonymously on the current versions of Jira.

      The above bug report will mitigate this for future versions, however, if you want to also hide the version number from this page, we'd need to completely block access to this page, by implementing the solution from How to block access to a specific URL at Tomcat.


      To do so, you may add the following code beneath the last </rule> tag (but before the </urlrewrite> line), on the '<Jira_Installation>/atlassian-jira/WEB-INF/urlrewrite.xml' file, save the changes and restart Jira.

      <rule>
	<from>AboutPage.jspa</from>
	<set type="status">403</set>
	<to>null</to>
</rule>

Step 1 - Disable JSP servlet mapping

We need to disable servlet mapping on certain JSP pages so that our changes will take effect.

  1. In a text editor, edit the file JIRA_INSTALL/atlassian-jira/WEB-INF/web.xml

  2. Comment out the following code blocks by wrapping them with <!-- --> tags

<!--     <servlet>
        <servlet-name>jsp.includes.loginform_jsp</servlet-name>
        <servlet-class>jsp.includes.loginform_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.includes.loginpage_jsp</servlet-name>
        <servlet-class>jsp.includes.loginpage_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.includes.decorators.global_002dtranslations_jsp</servlet-name>
        <servlet-class>jsp.includes.decorators.global_002dtranslations_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.head_002dcommon_002dnodecorator_002dpre_jsp</servlet-name>
        <servlet-class>jsp.includes.decorators.aui_002dlayout.head_002dcommon_002dnodecorator_002dpre_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.footer_jsp</servlet-name>
        <servlet-class>jsp.includes.decorators.aui_002dlayout.footer_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.header_jsp</servlet-name>
        <servlet-class>jsp.includes.decorators.aui_002dlayout.header_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.header_002dnodecorator_jsp</servlet-name>
        <servlet-class>jsp.includes.decorators.aui_002dlayout.header_002dnodecorator_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.head_002dcommon_002dnodecorator_002dpost_jsp</servlet-name>
        <servlet-class>jsp.includes.decorators.aui_002dlayout.head_002dcommon_002dnodecorator_002dpost_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.head_002dcommon_jsp</servlet-name>
        <servlet-class>jsp.includes.decorators.aui_002dlayout.head_002dcommon_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.decorators.general_002dhead_002dpost_jsp</servlet-name>
        <servlet-class>jsp.decorators.general_002dhead_002dpost_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.decorators.general_002dbody_002dpost_jsp</servlet-name>
        <servlet-class>jsp.decorators.general_002dbody_002dpost_jsp</servlet-class>
    </servlet> -->
    <!--<servlet>
        <servlet-name>jsp.decorators.general_002dhead_002dpre_jsp</servlet-name>
        <servlet-class>jsp.decorators.general_002dhead_002dpre_jsp</servlet-class>
    </servlet>-->
<!--     <servlet>
        <servlet-name>jsp.decorators.login_jsp</servlet-name>
        <servlet-class>jsp.decorators.login_jsp</servlet-class>
    </servlet> -->
<!--     <servlet>
        <servlet-name>jsp.decorators.general_002dbody_002dpre_jsp</servlet-name>
        <servlet-class>jsp.decorators.general_002dbody_002dpre_jsp</servlet-class>
    </servlet> -->
    <!--<servlet>
        <servlet-name>jsp.decorators.general_jsp</servlet-name>
        <servlet-class>jsp.decorators.general_jsp</servlet-class>
    </servlet>-->
<!--     <servlet-mapping>
        <servlet-name>jsp.includes.loginform_jsp</servlet-name>
        <url-pattern>/includes/loginform.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.includes.loginpage_jsp</servlet-name>
        <url-pattern>/includes/loginpage.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.includes.decorators.global_002dtranslations_jsp</servlet-name>
        <url-pattern>/includes/decorators/global-translations.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.head_002dcommon_002dnodecorator_002dpre_jsp</servlet-name>
        <url-pattern>/includes/decorators/aui-layout/head-common-nodecorator-pre.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.footer_jsp</servlet-name>
        <url-pattern>/includes/decorators/aui-layout/footer.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.header_jsp</servlet-name>
        <url-pattern>/includes/decorators/aui-layout/header.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.header_002dnodecorator_jsp</servlet-name>
        <url-pattern>/includes/decorators/aui-layout/header-nodecorator.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.head_002dcommon_002dnodecorator_002dpost_jsp</servlet-name>
        <url-pattern>/includes/decorators/aui-layout/head-common-nodecorator-post.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.includes.decorators.aui_002dlayout.head_002dcommon_jsp</servlet-name>
        <url-pattern>/includes/decorators/aui-layout/head-common.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.decorators.general_002dhead_002dpost_jsp</servlet-name>
        <url-pattern>/decorators/general-head-post.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.decorators.general_002dbody_002dpost_jsp</servlet-name>
        <url-pattern>/decorators/general-body-post.jsp</url-pattern>
    </servlet-mapping> -->
    <!--<servlet-mapping>
        <servlet-name>jsp.decorators.general_002dhead_002dpre_jsp</servlet-name>
        <url-pattern>/decorators/general-head-pre.jsp</url-pattern>
    </servlet-mapping>-->
<!--     <servlet-mapping>
        <servlet-name>jsp.decorators.login_jsp</servlet-name>
        <url-pattern>/decorators/login.jsp</url-pattern>
    </servlet-mapping> -->
<!--     <servlet-mapping>
        <servlet-name>jsp.decorators.general_002dbody_002dpre_jsp</servlet-name>
        <url-pattern>/decorators/general-body-pre.jsp</url-pattern>
    </servlet-mapping> -->
    <!--<servlet-mapping>
        <servlet-name>jsp.decorators.general_jsp</servlet-name>
        <url-pattern>/decorators/general.jsp</url-pattern>
    </servlet-mapping>-->

Step 2 - Remove versioning from template files

<JIRA_INSTALL>/atlassian-jira/decorators/login.jsp

  1. Change the line

    <%@ include file="/includes/decorators/aui-layout/head-common.jsp" %>

    to

    <%@ include file="/includes/decorators/aui-layout/head-common-noversion.jsp" %>

  2. Delete the following text from the <body> element:

    <%= ComponentAccessor.getComponent(ProductVersionDataBeanProvider.class).get().getBodyHtmlAttributes() %>

<JIRA_INSTALL>/atlassian-jira/includes/decorators/global-translations.jsp

  1. Delete the following <input> line:

    <input type="hidden" title="JiraVersion" value="<%= ComponentAccessor.getComponent(BuildUtilsInfo.class).getVersion() %>" />

Step 3 - Setup a new login page template

  1. Make a copy of the <JIRA_INSTALL>/atlassian-jira/includes/decorators/aui-layout/head-common.jsp file and name it head-common-noversion.jsp

  2. Open head-common-noversion.jsp in a text editor

  3. Remove the following lines:

    headerFooterRendering.includeVersionMetaTags(out);
headerFooterRendering.requireCommonMetadata();
headerFooterRendering.includeMetadata(out);

Step 4 - Remove the Jira footer

  1. Go to <JIRA_INSTALL>/atlassian-jira/WEB-INF/classes/templates/plugins/footer directory

  2. Modify the footer.vm file

  3. Remove the following line:

    <span id="footer-build-information">(v${buildVersion}#${buildNumber}${formattedCommitId}$!{formattedNodeId}${formattedPartnerName})</span>

Step 5 - Redirect the dashboard to login page

The dark feature public.access.disabled achieves the same thing, so this step is not required if you have the dark feature set

The system dashboard typically is available to unauthenticated users. This needs to be redirected to Jira’s normal login page:

  1. Edit the file JIRA_INSTALL/atlassian-jira/WEB-INF/classes/actions.xml

  2. Find 

    <action name="Dashboard">

    and change it to

    <action name="Dashboard" roles-required="use">

Step 6 - Finishing up

  1. Stop Jira

  2. Clear the contents of JIRA_INSTALL/work directory

  3. Start Jira

  4. Test and check that the workaround is in place and working well. It is recommended that you test all areas of Jira to ensure that there are no unintended effects


DescriptionHide version number from Jira markup
ProductJira





Last modified on Sep 9, 2022

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.