curl https://demo.univention.de/univention/meta.json | python -m json.tool | less The meta.json for unauthenticated users leaks information about the domain, e.g fqdn and serveraddress +++ This bug was initially created as a clone of Bug #54257 +++
(EXPERIMENTAL) Potentially sensitive data in the `meta.json` file can now be hidden using the EXPERIMENTAL UCR variable `umc/web/meta/hide-sensible-data`. Additionally, the server's address is no longer included in the `meta.json` file by default. It is now only visible during system setup. Successful build Package: univention-portal Version: 6.1.2 Branch: 5.2-0 Scope: errata5.2-1 Successful build Package: univention-management-console Version: 14.1.4 Branch: 5.2-0 Scope: errata5.2-1
QA: OK: advisories OK: code review OK: server address hidden by default OK: `umc/web/meta/hide-sensitive-data` hides fqdn if set to true, deactivated by default
<https://errata.software-univention.de/#/?erratum=5.2x117> <https://errata.software-univention.de/#/?erratum=5.2x118>