There is a way, though I won't go into it in a public forum. Any good admin will protect their forum to prevent this.
What is the downside to someone knowing which version is being run? Does it allow for possible security issues?
Indeed it doesn't protect your forum (unless you're a daft admin whose super administrator account is "admin" with an easy guessable password). Protecting the page means you aren't advertising your XF version. You and I may always update to the latest stable version but not everyone does. So it's possible to use the page to identify an XF forum that hasn't installed the 1.3.5 security update.Hiding the version doesn't protect your forum. At best, it can help against automated exploit scanners I guess, but since it only masks any potential vulnerabilities anyone dedicated enough is not going to be put off by this.
I certainly don't care about version information being exposed as I always keep my software up to date.
Indeed it doesn't protect your forum (unless you're a daft admin whose super administrator account is "admin" with an easy guessable password). Protecting the page means you aren't advertising your XF version. You and I may always update to the latest stable version but not everyone does. So it's possible to use the page to identify an XF forum that hasn't installed the 1.3.5 security update.
That security update only consider as an exploit if you have registered feeds from external sites.So it's possible to use the page to identify an XF forum that hasn't installed the 1.3.5 security update.
I know it's not an issue for many sites. It is for a few though and someone can identify if those sites are likely to be still vulnerable by their XF version in the install page if the site admin hasn't protected it.That security update only consider as an exploit if you have registered feeds from external sites.
We use essential cookies to make this site work, and optional cookies to enhance your experience.