[
https://issues.apache.org/jira/browse/CAUSEWAY-3750?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17850391#comment-17850391
]
Jörg Rade commented on CAUSEWAY-3750:
-------------------------------------
Thereby a potential attacker could see which possible vulnerable libs are in
use?
> Configure visibility of the about page, as of Spring 3.3 use same prop that
> it does for SBOM
> --------------------------------------------------------------------------------------------
>
> Key: CAUSEWAY-3750
> URL: https://issues.apache.org/jira/browse/CAUSEWAY-3750
> Project: Causeway
> Issue Type: New Feature
> Components: Viewer Wicket
> Affects Versions: 2.0.0
> Reporter: Daniel Keir Haywood
> Priority: Minor
>
> the Wicket viewer's about page shows a list of the jar files that make up the
> app.
> All very nice, but should be under config prop control (perhaps it is
> already?)
> And, as of Spring Boot 3.3, there is a config prop to control; let's use the
> same?
> management.endpoints.web.exposure.include=health,sbom
> [SBOM support in Spring Boot
> 3.3|https://spring.io/blog/2024/05/24/sbom-support-in-spring-boot-3-3]
>
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
