Reverse proxy version indication
Incident Report for The Things Network
Resolved
We were notified by security researcher Ravindra Dagale that the version of the reverse proxy that we use (nginx) on some of our endpoints, was reporting its version as part of the response headers and 404 pages. This is a potential security issue, as it informs attachers exactly what software is running on the server, which may have (known) vulnerabilities.

We thank Ravindra Dagale for using responsible disclosure for reporting this issue and making The Things Network a safer place.

Read more about our responsible disclosure policy: https://www.thethingsnetwork.org/responsible-disclosure
Posted Feb 19, 2021 - 12:00 CET