[wp-trac] [WordPress Trac] #19549: Please remove X-Mailer from class-phpmailer

WordPress Trac wp-trac at lists.automattic.com
Tue Jan 3 22:18:37 UTC 2012


#19549: Please remove X-Mailer from class-phpmailer
-----------------------------------+-----------------------
 Reporter:  jwz                    |       Owner:  westi
     Type:  enhancement            |      Status:  assigned
 Priority:  normal                 |   Milestone:  3.4
Component:  External Libraries     |     Version:  3.3
 Severity:  minor                  |  Resolution:
 Keywords:  2nd-opinion has-patch  |
-----------------------------------+-----------------------

Comment (by nacin):

 > I think it's a big mistake for WordPress to tell the world what version
 number is running by default, but at least in the case of WordPress, I can
 override that.

 Web application software that is in some way publicly accessible is
 trivial to pin down to a version number, or at least a major branch. It
 could be as simple as MD5'ing CSS or JS files.
 For example, you're hiding it well, but I could still ascertain that you
 are running 3.3 on jwz.org, and should update to 3.3.1 as it was a
 security release. :-)

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/19549#comment:13>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
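
The point made in the comment above, shown as an added example that is not part of the original message or of WordPress: hashes of publicly served static files narrow a site to a branch or an exact release even when no version string is exposed. The release names reuse the versions mentioned in the comment; the file paths and contents are constructed stand-ins, and a real self-audit would hash files from release archives unpacked locally.

```python
import hashlib

# Constructed sample data: path -> file contents for three releases.
# Paths and contents are hypothetical, not real WordPress files.
RELEASES = {
    "3.2.1": {"static/style.css": b"body{margin:0}", "static/app.js": b"init(1)"},
    "3.3":   {"static/style.css": b"body{margin:1px}", "static/app.js": b"init(2)",
              "static/editor.js": b"edit(1)"},
    "3.3.1": {"static/style.css": b"body{margin:1px}", "static/app.js": b"init(2)",
              "static/editor.js": b"edit(2)"},  # only this file changed in the fix
}

def md5_hex(data):
    return hashlib.md5(data).hexdigest()

def build_index(releases):
    """Map (path, md5) -> set of releases that ship exactly that file."""
    index = {}
    for version, files in releases.items():
        for path, content in files.items():
            index.setdefault((path, md5_hex(content)), set()).add(version)
    return index

def candidate_versions(index, observed):
    """observed: {path: md5} of files your own site serves publicly.
    Returns the releases consistent with every recognised file."""
    candidates = None
    for path, digest in observed.items():
        versions = index.get((path, digest))
        if versions is None:
            continue  # locally modified or unknown file carries no information
        candidates = set(versions) if candidates is None else candidates & versions
    return candidates or set()

INDEX = build_index(RELEASES)

if __name__ == "__main__":
    # Two unchanged files only identify the branch.
    seen = {"static/style.css": md5_hex(b"body{margin:1px}"),
            "static/app.js": md5_hex(b"init(2)")}
    print(sorted(candidate_versions(INDEX, seen)))
    # One file touched by the security release pins the exact version.
    seen["static/editor.js"] = md5_hex(b"edit(1)")
    print(sorted(candidate_versions(INDEX, seen)))
```

Running this against your own deployment shows which assets distinguish an unpatched release from the fixed one, which is why removing a version header does not substitute for updating.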

