[GH-ISSUE #314] Add server version to web ui #246

Closed
opened 2026-05-07 00:22:13 +02:00 by BreizhHardware · 6 comments

Originally created by @poblabs on GitHub (Jun 6, 2022).
Original GitHub issue: https://github.com/binwiederhier/ntfy/issues/314

I had a thought today that it may be a good idea to show the server version somewhere. Maybe on the sidebar of the web ui?


@binwiederhier commented on GitHub (Jun 7, 2022):

This is typically bad security practice, because in case there are security vulnerabilities, it makes it easy for an attacker to find vulnerable instances. What is the actual reasoning behind this? You want to make sure you're up to date? In that case, maybe set up `unattended-upgrades` or something similar for Docker?


@poblabs commented on GitHub (Jun 8, 2022):

Good point and I had considered that before submitting the ticket. Yes just
a reference to always stay up to date. I'm currently not running this in
docker but rather as the standalone binary. Would it be possible maybe to
put the version once the binary starts up on console?

If not no worries.

On Tue, Jun 7, 2022, 7:44 PM Philipp C. Heckel @.***> wrote:

> This is typically bad security practice, because in case there are
> security vulnerabilities, it makes it easy for an attacker to find
> vulnerable instances. What is the actual reasoning behind this? You want to
> make sure you're up to date? In that case, maybe set up
> unattended-upgrades or something similar for Docker?



@Mikaela commented on GitHub (Jun 8, 2022):

I am not sure security by obscurity is that great practice and it may make clientside debugging/troubleshooting more difficult if e.g. third party server by a friend gets used.


@binwiederhier commented on GitHub (Jun 8, 2022):

It is best practice and part of layered security. Apache and nginx and all the others have settings to hide the version number in their response headers.

I think @poblabs's problem is a different one and has been solved by packages (rpm/deb) or docker.

If y'all really feel strongly I can add it and make it configurable, but I don't really think it's necessary.

Adding it to the `ntfy serve` output though is not a problem.

https://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens

https://httpd.apache.org/docs/2.4/mod/core.html#servertokens
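
The header behaviour the comment above refers to, as an added example that is not part of the thread or of the ntfy project: a Python check that reports which banner headers on your own server's responses carry a product version. The header samples are constructed to mirror the verbose and hidden forms of the nginx `server_tokens` and Apache `ServerTokens` settings linked above; `disclosed_versions`, `audit` and `BANNER_HEADERS` are hypothetical names.

```python
import re

# RFC 9110 product grammar: token ["/" product-version]; comments sit in parentheses.
_TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
_PRODUCT = re.compile(rf"({_TOKEN})(?:/({_TOKEN}))?")
_COMMENT = re.compile(r"\([^()]*\)")

# Response headers that usually carry a software banner (assumed list, extend as needed).
BANNER_HEADERS = ("server", "x-powered-by")

# Constructed samples: the banner forms each setting produces, not captured traffic.
SAMPLES = {
    "nginx, server_tokens on": {"Server": "nginx/1.18.0"},
    "nginx, server_tokens off": {"Server": "nginx"},
    "Apache, ServerTokens Full": {"Server": "Apache/2.4.2 (Unix) PHP/4.2.2 MyMod/1.2"},
    "Apache, ServerTokens Prod": {"Server": "Apache"},
}


def disclosed_versions(headers):
    """Return (header, product, version) for each banner token that names a version."""
    findings = []
    for name, value in headers.items():
        if name.lower() not in BANNER_HEADERS:
            continue
        bare = _COMMENT.sub(" ", value)  # drop "(Unix)"-style comments
        for product, version in _PRODUCT.findall(bare):
            if version and any(ch.isdigit() for ch in version):
                findings.append((name, product, version))
    return findings


def audit(samples):
    """Map each labelled header set to its findings; an empty list means nothing leaked."""
    return {label: disclosed_versions(headers) for label, headers in samples.items()}


if __name__ == "__main__":
    for label, findings in audit(SAMPLES).items():
        status = "discloses " + ", ".join(f"{p} {v}" for _, p, v in findings) if findings else "no version disclosed"
        print(f"{label}: {status}")
```
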


@poblabs commented on GitHub (Jun 8, 2022):

Adding it to ntfy serve console output would work just fine. Thanks!

On Wed, Jun 8, 2022, 6:44 AM Philipp C. Heckel @.***> wrote:

> It is best practice and part of layered security. Apache and nginx and all
> the others have settings to hide the version number in their response
> headers.
>
> I think @poblabs's problem is a different
> one and has been solved by packages (rpm/deb) or docker.
>
> If y'all really feel strongly I can add it and make it configurable, but I
> don't really think it's necessary.
>
> Adding it to the ntfy serve output though is not a problem.



@binwiederhier commented on GitHub (Jun 12, 2022):

Done as part of github.com/binwiederhier/ntfy@cf0f002bfa

```
$ ntfy serve
2022/06/12 11:49:09 INFO Listening on :2586[http] :1025[smtp], ntfy v1.25.2-next, log level is TRACE
```