Reverse proxy version indication
Incident Report for The Things Network
We were notified by security researcher Rifat Khan that the version of the reverse proxy that we use (nginx) on some of our endpoints, was reporting its version as part of HTTP redirect headers. This is a potential security issue, as it informs attachers exactly what software is running on the server, which may have (known) vulnerabilities.

We thank Rifat Khan for using responsible disclosure for reporting this issue and making The Things Network a safer place.

Read more about our responsible disclosure policy:
Posted Apr 26, 2021 - 09:00 CEST