Extend the HIDE_VERSION functionality to restrict component version to technical users

[andrew-mantha-rcgt]

Describe the problem

Component version information could be used by an attacker to find potential vulnerabilities to exploit. The Version information in the about page provides no benefit to most users and serves as a minor but potential security risk.

Describe the solution you'd like

One of two solutions:

• Restrict Version Information only to Superusers

• Allow hiding all version information from the UI entirely (The CLI still exists to dump all version info for troubleshooting).

Describe alternatives you've considered

No response

Screenshots

No response

Additional context

No response

[nijel]

Right now, HIDE_VERSION shows version information on the about page to authenticated users:

weblate/weblate/templates/about/index.html

Lines 53 to 55 in 1fb2157

	{% if not hide_version or user.is_authenticated %}
	<span>{{ ver.2 }}</span>
	{% endif %}

But it makes more sense to that only for superusers...

[github-actions]

Thank you for your report; the issue you have reported has just been fixed.

• In case you see a problem with the fix, please comment on this issue.
• In case you see a similar problem, please open a separate issue.
• If you are happy with the outcome, don’t hesitate to support Weblate by making a donation.