SEND_VERSION

Occasionally we will get support cases where someone has run their eye over a Genero application with a security hat on and reports back that something is not as good with the Genero application as it could be.  Based on their findings, we may then make changes to our products so that we comply better with their security recommendations.

One such instance occurred recently where it was reported back that some version information was available in the X-FourJs headers.   As part of that case https://4js.com/support/issue/?id=GAS-03889 we removed the unnecessary version information.  We did provide a mechanism, in this case the SEND_VERSION element so that if you do want to see the removed information, it can be put back.  This might be useful for debugging and analysis purposes.

Whilst this individual entry is rather innocuous, some things to note …

• If you send us these security recommendations, we will analyse them and take them into account.
• One of the reasons for staying up to date is to ensure your system is as secure as possible.
• We won’t remove the information when using httpdispatch as httpdispatch is intended for development use only.
• Using -E argument when launching dispatcher, can be used to turn things on/off where it has been catered for rather than having to edit .xcf files.  See overriding configuration resources.  So in this case, fastcgidispatch -s -E res.http.send.version=TRUE. If you do find yourself editing .xcf files, look for a RESOURCE entry and use -E when starting dispatcher.