[Bug 1002443] [NEW] php5-fpm exposes full ubuntu package version in headers
Nathan Williams
nathan at nathanewilliams.com
Mon May 21 18:59:16 UTC 2012
Public bug reported:
Issue: php5-fpm sets a header displaying the full Ubuntu package version
What should happen: At most, the version of PHP should be shown similar to
how Apache version is shown, e.g. PHP/5.3.10
What happens: the full Ubuntu package version is exposed in the X-Powered-By
header
nathan at juttenheim:~$ curl -I localhost:8080
HTTP/1.1 200 OK
Server: nginx/1.1.19
Date: Mon, 21 May 2012 18:51:17 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.10-1ubuntu3.1
nathan at juttenheim:~$ sudo sed -i 's/^expose_php = On/expose_php = Off/g' /etc/php5/fpm/php.ini
nathan at juttenheim:~$ sudo service php5-fpm restart
* Restarting PHP5 FastCGI Process Manager php5-fpm [ OK ]
nathan at juttenheim:~$ curl -I localhost:8080
HTTP/1.1 200 OK
Server: nginx/1.1.19
Date: Mon, 21 May 2012 18:51:57 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: php5-fpm 5.3.10-1ubuntu3.1
Uname: Linux 3.0.18-linode43 i686
ApportVersion: 2.0.1-0ubuntu7
Architecture: i386
Date: Mon May 21 11:52:47 2012
InstallationMedia:
ProcEnviron:
TERM=xterm
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: php5
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.php5.fpm.pool.d.www.conf: [modified]
mtime.conffile..etc.php5.fpm.pool.d.www.conf: 2012-05-02T22:34:44
** Affects: php5 (Ubuntu)
Importance: Undecided
Status: New
** Tags: apport-bug i386 precise
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/1002443
Title:
php5-fpm exposes full ubuntu package version in headers
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1002443/+subscriptions
More information about the Ubuntu-server-bugs
mailing list