Uploaded image for project: 'CiviCRM'
  1. CiviCRM
  2. CRM-7739

Security issue: the default install leaks the version

          Details

          • Type: Bug
          • Status: Done/Fixed
          • Priority: Trivial
          • Resolution: Fixed/Completed
          • Affects Version/s: 3.3.5
          • Fix Version/s: 3.4.alpha
          • Component/s: Core CiviCRM
          • Labels:
            None

            Description

            Hi,

            civicrm-version.txt contains the version of civi (duh). it's accessible in clear from the installed site if you access

            sites/all/modules/civicrm/civicrm-version.txt

            on drupal or some easy to discover url.

            Suggested fix: rename to civicrm-version.php and prefix the line by "<? //"

              Attachments

                Activity

                  People

                  • Assignee:
                    kiran.jagtap Kiran Jagtap
                    Reporter:
                    xavier xavier dutoit
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    0 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: