Hiding the Jira version number from page markup
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
Jira shows the application version number in various places, both visible on the page and hidden in the underlying HTML markup.
This may be a concern if you do not wish to have the version number of your instance shown.
Workaround
The steps in this KB article involve editing Jira source code files, and as such are considered to be customization. They are provided on an as-is basis only and are not supported by Atlassian.
We recommend backing up any files modified so that the changes can be rolled back if something goes wrong. After following the steps in this KB, Jira should be tested afterwards to ensure there are no unintended effects on the application.
Workaround outcome
The workaround achieves the following outcomes
Remove the version number from the Jira footer:
1Atlassian Jira Project Management Software (v7.13.11#713011-sha1:b4933e0)Remove the version number inserted page header element (⚠️ Does not apply to Jira 9, this workaround will not hide these values in Jira 9).
1 2<meta name="ajs-version-number" content="7.13.11"> <meta name="ajs-build-number" content="713011">Remove the version number in page body element data-version:
1<body id="jira" class="aui-layout aui-theme-default page-type-dashboard" data-version="7.13.11" data-aui-version="7.13.0">
Limitations of this workaround include:
This workaround does not prevent your system's version from being fingerprinted in other ways
This workaround will need to be re-applied each time you upgrade Jira. It was developed for version 7.13.11, and may need to be adjusted for future versions of Jira. Atlassian does not guarantee it will work at all for future versions
This workaround does not include hiding other version number occurrences not listed in Workaround outcome. Other known areas include:
Static caches asset build number, eg:
<link rel="shortcut icon" href="/s/-xz3veb/713011/7aff4cd5e4b16e3f7ba7202ed02129c6/_/jira-favicon-hires.png">The <BaseURL>/secure/AboutPage.jspa page.
ℹ️ The AboutPage.jspa in Jira can be accessed anonymously on the current versions of Jira.
This has been fixed in Jira 10.2.0 and later, but if you want to also hide the version number from this page, we'd need to completely block access to this page, by implementing the solution from How to block access to a specific URL at Tomcat.
To do so, you may add the following code beneath the last </rule> tag (but before the </urlrewrite> line), on the '<Jira_Installation>/atlassian-jira/WEB-INF/urlrewrite.xml' file, save the changes and restart Jira.
1 2 3 4 5<rule> <from>AboutPage.jspa</from> <set type="status">403</set> <to>null</to> </rule>
Step 1 - Disable JSP servlet mapping
We need to disable servlet mapping on certain JSP pages so that our changes will take effect.
In a text editor, edit the file JIRA_INSTALL/atlassian-jira/WEB-INF/web.xml
Comment out the following code blocks by wrapping them with <!-- --> tags
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
<!-- <servlet>
<servlet-name>jsp.includes.loginform_jsp</servlet-name>
<servlet-class>jsp.includes.loginform_jsp</servlet-class>
</servlet> -->
<!-- <servlet>
<servlet-name>jsp.includes.loginpage_jsp</servlet-name>
<servlet-class>jsp.includes.loginpage_jsp</servlet-class>
</servlet> -->
<!-- <servlet>
<servlet-name>jsp.includes.decorators.global_002dtranslations_jsp</servlet-name>
<servlet-class>jsp.includes.decorators.global_002dtranslations_jsp</servlet-class>
</servlet> -->
<!-- <servlet>
<servlet-name>jsp.includes.decorators.aui_002dlayout.head_002dcommon_002dnodecorator_002dpre_jsp</servlet-name>
<servlet-class>jsp.includes.decorators.aui_002dlayout.head_002dcommon_002dnodecorator_002dpre_jsp</servlet-class>
</servlet> -->
<!-- <servlet>
<servlet-name>jsp.includes.decorators.aui_002dlayout.footer_jsp</servlet-name>
<servlet-class>jsp.includes.decorators.aui_002dlayout.footer_jsp</servlet-class>
</servlet> -->
<!-- <servlet>
<servlet-name>jsp.includes.decorators.aui_002dlayout.header_jsp</servlet-name>
<servlet-class>jsp.includes.decorators.aui_002dlayout.header_jsp</servlet-class>
</servlet> -->
<!-- <servlet>
<servlet-name>jsp.includes.decorators.aui_002dlayout.header_002dnodecorator_jsp</servlet-name>
<servlet-class>jsp.includes.decorators.aui_002dlayout.header_002dnodecorator_jsp</servlet-class>
</servlet> -->
<!-- <servlet>
<servlet-name>jsp.includes.decorators.aui_002dlayout.head_002dcommon_002dnodecorator_002dpost_jsp</servlet-name>
<servlet-class>jsp.includes.decorators.aui_002dlayout.head_002dcommon_002dnodecorator_002dpost_jsp</servlet-class>
</servlet> -->
<!-- <servlet>
<servlet-name>jsp.includes.decorators.aui_002dlayout.head_002dcommon_jsp</servlet-name>
<servlet-class>jsp.includes.decorators.aui_002dlayout.head_002dcommon_jsp</servlet-class>
</servlet> -->
<!-- <servlet>
<servlet-name>jsp.decorators.general_002dhead_002dpost_jsp</servlet-name>
<servlet-class>jsp.decorators.general_002dhead_002dpost_jsp</servlet-class>
</servlet> -->
<!-- <servlet>
<servlet-name>jsp.decorators.general_002dbody_002dpost_jsp</servlet-name>
<servlet-class>jsp.decorators.general_002dbody_002dpost_jsp</servlet-class>
</servlet> -->
<!--<servlet>
<servlet-name>jsp.decorators.general_002dhead_002dpre_jsp</servlet-name>
<servlet-class>jsp.decorators.general_002dhead_002dpre_jsp</servlet-class>
</servlet>-->
<!-- <servlet>
<servlet-name>jsp.decorators.login_jsp</servlet-name>
<servlet-class>jsp.decorators.login_jsp</servlet-class>
</servlet> -->
<!-- <servlet>
<servlet-name>jsp.decorators.general_002dbody_002dpre_jsp</servlet-name>
<servlet-class>jsp.decorators.general_002dbody_002dpre_jsp</servlet-class>
</servlet> -->
<!--<servlet>
<servlet-name>jsp.decorators.general_jsp</servlet-name>
<servlet-class>jsp.decorators.general_jsp</servlet-class>
</servlet>-->
<!-- <servlet-mapping>
<servlet-name>jsp.includes.loginform_jsp</servlet-name>
<url-pattern>/includes/loginform.jsp</url-pattern>
</servlet-mapping> -->
<!-- <servlet-mapping>
<servlet-name>jsp.includes.loginpage_jsp</servlet-name>
<url-pattern>/includes/loginpage.jsp</url-pattern>
</servlet-mapping> -->
<!-- <servlet-mapping>
<servlet-name>jsp.includes.decorators.global_002dtranslations_jsp</servlet-name>
<url-pattern>/includes/decorators/global-translations.jsp</url-pattern>
</servlet-mapping> -->
<!-- <servlet-mapping>
<servlet-name>jsp.includes.decorators.aui_002dlayout.head_002dcommon_002dnodecorator_002dpre_jsp</servlet-name>
<url-pattern>/includes/decorators/aui-layout/head-common-nodecorator-pre.jsp</url-pattern>
</servlet-mapping> -->
<!-- <servlet-mapping>
<servlet-name>jsp.includes.decorators.aui_002dlayout.footer_jsp</servlet-name>
<url-pattern>/includes/decorators/aui-layout/footer.jsp</url-pattern>
</servlet-mapping> -->
<!-- <servlet-mapping>
<servlet-name>jsp.includes.decorators.aui_002dlayout.header_jsp</servlet-name>
<url-pattern>/includes/decorators/aui-layout/header.jsp</url-pattern>
</servlet-mapping> -->
<!-- <servlet-mapping>
<servlet-name>jsp.includes.decorators.aui_002dlayout.header_002dnodecorator_jsp</servlet-name>
<url-pattern>/includes/decorators/aui-layout/header-nodecorator.jsp</url-pattern>
</servlet-mapping> -->
<!-- <servlet-mapping>
<servlet-name>jsp.includes.decorators.aui_002dlayout.head_002dcommon_002dnodecorator_002dpost_jsp</servlet-name>
<url-pattern>/includes/decorators/aui-layout/head-common-nodecorator-post.jsp</url-pattern>
</servlet-mapping> -->
<!-- <servlet-mapping>
<servlet-name>jsp.includes.decorators.aui_002dlayout.head_002dcommon_jsp</servlet-name>
<url-pattern>/includes/decorators/aui-layout/head-common.jsp</url-pattern>
</servlet-mapping> -->
<!-- <servlet-mapping>
<servlet-name>jsp.decorators.general_002dhead_002dpost_jsp</servlet-name>
<url-pattern>/decorators/general-head-post.jsp</url-pattern>
</servlet-mapping> -->
<!-- <servlet-mapping>
<servlet-name>jsp.decorators.general_002dbody_002dpost_jsp</servlet-name>
<url-pattern>/decorators/general-body-post.jsp</url-pattern>
</servlet-mapping> -->
<!--<servlet-mapping>
<servlet-name>jsp.decorators.general_002dhead_002dpre_jsp</servlet-name>
<url-pattern>/decorators/general-head-pre.jsp</url-pattern>
</servlet-mapping>-->
<!-- <servlet-mapping>
<servlet-name>jsp.decorators.login_jsp</servlet-name>
<url-pattern>/decorators/login.jsp</url-pattern>
</servlet-mapping> -->
<!-- <servlet-mapping>
<servlet-name>jsp.decorators.general_002dbody_002dpre_jsp</servlet-name>
<url-pattern>/decorators/general-body-pre.jsp</url-pattern>
</servlet-mapping> -->
<!--<servlet-mapping>
<servlet-name>jsp.decorators.general_jsp</servlet-name>
<url-pattern>/decorators/general.jsp</url-pattern>
</servlet-mapping>-->⚠️ The following entries are not present in Jira 9:
jsp.includes.decorators.aui_002dlayout.footer_jsp
jsp.decorators.general_002dhead_002dpost_jsp
jsp.decorators.general_002dhead_002dpre_jsp
jsp.decorators.general_002dbody_002dpre_jsp
Step 2 - Remove versioning from template files
<JIRA_INSTALL>/atlassian-jira/decorators/login.jsp
Change the line
1<%@ include file="/includes/decorators/aui-layout/head-common.jsp" %>to
1<%@ include file="/includes/decorators/aui-layout/head-common-noversion.jsp" %>Delete the following text from the <body> element:
1<%= ComponentAccessor.getComponent(ProductVersionDataBeanProvider.class).get().getBodyHtmlAttributes() %>
<JIRA_INSTALL>/atlassian-jira/includes/decorators/global-translations.jsp
Delete the following <input> line:
1<input type="hidden" title="JiraVersion" value="<%= ComponentAccessor.getComponent(BuildUtilsInfo.class).getVersion() %>" />
Step 3 - Setup a new login page template
Make a copy of the <JIRA_INSTALL>/atlassian-jira/includes/decorators/aui-layout/head-common.jsp file and name it head-common-noversion.jsp
Open head-common-noversion.jsp in a text editor
Remove the following lines:
1 2 3headerFooterRendering.includeVersionMetaTags(out); headerFooterRendering.requireCommonMetadata(); headerFooterRendering.includeMetadata(out);
Step 4 - Remove the Jira footer
Go to <JIRA_INSTALL>/atlassian-jira/WEB-INF/classes/templates/plugins/footer directory
Modify the footer.vm file
Remove the following line:
1<span id="footer-build-information">(v${buildVersion}#${buildNumber}${formattedCommitId}$!{formattedNodeId}${formattedPartnerName})</span>
Step 5 - Redirect the dashboard to login page
The dark feature public.access.disabled achieves the same thing, so this step is not required if you have the dark feature set
The system dashboard typically is available to unauthenticated users. This needs to be redirected to Jira’s normal login page:
Edit the file JIRA_INSTALL/atlassian-jira/WEB-INF/classes/actions.xml
Find
1<action name="Dashboard">and change it to
1<action name="Dashboard" roles-required="use">
Step 6 - Finishing up
Stop Jira
Clear the contents of JIRA_INSTALL/work directory
Start Jira
Test and check that the workaround is in place and working well. It is recommended that you test all areas of Jira to ensure that there are no unintended effects
Was this helpful?