Magento2: [Magento_Version] Do not publicly disclose store version
Hi,
Looks like we have this particular Magento_Version module, that the unique purpose is to disclose publicly which Magento version and edition the store is running. Although is a good idea to allow other systems that integrate to Magento retrieve the current version to do proper API calls, I strongly believe this should not be available wide open, but rather inside secure/authenticated endpoint.
Can we make this call authenticated? Or maybe remove the module at all? Why outsiders need to know which minor version a particular store is running?
Thanks!
kassner
All 8 comments
I agree, I would not show this as a public available information per default.
avoelkl
on 26 Sep 2016
@kassner your proposition looks like an improvement.
Could you please transfer it to the new Magento 2 Feature Requests and Improvements forum (see details here)?
veloraven
on 20 Dec 2016
@veloraven no, I think it is a security issue, not a feature request.
kassner
on 20 Dec 2016
@kassner than please format it according to the Issue reporting guidelines: with steps to reproduce, actual result and expected result.
Please, also identify which version of Magento you are running.
veloraven
on 21 Dec 2016
According to contributor guide, tickets without response for two weeks should be closed.
If this issue still reproducible please feel free to create the new one: format new issue according to the Issue reporting guidelines: with steps to reproduce, actual result and expected result and specify Magento version.
veloraven
on 11 Jan 2017
@benmarks @sherrierohde What is the point of having community moderators if the only thing they do is poking about a damn ticket structure?
kassner
on 11 Jan 2017
You were told to go to the forums or reformat the issue according to the guidelines and you failed to do it. These rules are probably here to keep things in order and have a clear workflow (and make things reproducible for others FWIW).
If everybody thinks the issue they are reporting is more important than others and that they don't need to follow the guidelines because "the only thing they (community moderators) do is poking about a damn ticket structure" this would be a total chaos.
Guidelines are clear and moderators are just following them. Go ahead and restructure this or go to the forums, there is no need to be rude with the moderators because you don't like the way they manage things around here.
miguelbalparda
on 11 Jan 2017
I won't comment in this issue anymore, it was my mistake to bring up on
GitHub. Please lock it.
On Wed, 11 Jan 2017 at 12:13, Miguel Balparda notifications@github.com
wrote:
You were told to go to the forums or reformat the issue according to the
guidelines and you failed to do it. These rules are probably here to keep
things in order and have a clear workflow (and make things reproducible for
others FWIW).If everybody thinks the issue they are reporting is more important than
others and that they don't need to follow the guidelines because "the only
thing they (community moderators) do is poking about a damn ticket
structure" this would be a total chaos.Guidelines are clear and moderators are just following them. Go ahead and
restructure this or go to the forums, there is no need to be rude with the
moderators because you don't like the way they manage things around here.—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/magento/magento2/issues/6239#issuecomment-271878181,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AASYxwwvMBabH7GOPhJe9pqNyIvz6g2wks5rRONugaJpZM4Jn9Ju
.
kassner
on 11 Jan 2017
Related issues
salelsol
·
3Comments
jzalenski
·
3Comments
denis-g
·
3Comments
MauroNigrele
·
3Comments
PascalBrouwers
·
3Comments
Most helpful comment
@benmarks @sherrierohde What is the point of having community moderators if the only thing they do is poking about a damn ticket structure?