Spring-boot: Include Spring Boot Version in InfoContributor
There are many dashboards available for visualizing data provided by the /actuator endpoints in a spring boot app. It would be nice to include the Spring Boot Version provided by SpringBootVersion.getVersion() method inside InfoContributor by default. A similar request https://github.com/spring-cloud/spring-cloud-commons/issues/421 as been created for Spring Cloud Version.
Sarvesh-D
All 3 comments
I don't think that including by default the Spring Boot version information on the /info endpoint (which is exposed by default) is a great idea. In case a CVE is reported against a particular Spring Boot version, this makes things really easy to scan for vulnerable applications.
bclozel
on 3 Oct 2018
Agreed with @bclozel - Also info has been historically empty by default and I'd like to keep it that way.
snicoll
on 3 Oct 2018
We already have SimpleInfoContributor and SpringBootVersion that can be used to opt in to this behaviour:
@Bean
public SimpleInfoContributor springBootVersionInfoContributor() {
return new SimpleInfoContributor("spring-boot-version", SpringBootVersion.getVersion());
}
Given the security concern raised by @bclozel, I don't think we should do anything more here.
wilkinsona
on 3 Oct 2018
Related issues
rwinch
路
3Comments
snicoll
路
3Comments
wilkinsona
路
3Comments
shahid21st
路
3Comments
binarylegit
路
3Comments
Most helpful comment
I don't think that including by default the Spring Boot version information on the
/infoendpoint (which is exposed by default) is a great idea. In case a CVE is reported against a particular Spring Boot version, this makes things really easy to scan for vulnerable applications.