Closed noki2000 closed 6 months ago
This is just build info which would be the same for any installation, there's no sensitive info being leaked at all right? It'd probably still be good to remove it since it's unnecessary anyways.
Right, no sensitive information is leaked. But as you suggest, @bo0tzz, deleting (or perhaps putting it behind the login page) would be the way to go.
I'd recommend we just have npm run build
vs npm run build:stats
. The latter is the only command that produces this file.
The bug
Hello!
I noticed that the "Rollup Visualizer" is accessible even without a login - and not accessible only after passing the login page as it should probably be - therefore a potential breach of information might occur.
The OS that Immich Server is running on
Raspberry Pi OS
Version of Immich Server
v1.101.0
Version of Immich Mobile App
v1.101.0
Platform with the issue
Your docker-compose.yml content
Your .env content
Reproduction steps
Relevant log output
No response
Additional information
No response