[wp-trac] [WordPress Trac] #19549: Please remove X-Mailer from class-phpmailer
WordPress Trac
wp-trac at lists.automattic.com
Tue Jan 3 22:18:37 UTC 2012
#19549: Please remove X-Mailer from class-phpmailer
-----------------------------------+-----------------------
Reporter: jwz | Owner: westi
Type: enhancement | Status: assigned
Priority: normal | Milestone: 3.4
Component: External Libraries | Version: 3.3
Severity: minor | Resolution:
Keywords: 2nd-opinion has-patch |
-----------------------------------+-----------------------
Comment (by nacin):
> I think it's a big mistake for WordPress to tell the world what version
number is running by default, but at least in the case of WordPress, I can
override that.
Detecting a version number of web application software that is in some way
publicly accessible is trivial to pin down to a version number, or at
least a major branch. It could be as simple as MD5'ing CSS or JS files.
For example, you're hiding it well, but I could still ascertain that you
are running 3.3 on jwz.org, and should update to 3.3.1 as it was a
security release. :-)
--
Ticket URL: <http://core.trac.wordpress.org/ticket/19549#comment:13>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list