Hi,
in an Acunetix report I’ve been told to delete those two files from my Matomo installation:
Development configuration files have been found that might disclose sensitive information.
Are these files required to run Matomo? And if not, why are they part of the installation?
Thanks
Daniel
Hi,
While I don’t think that showing these files is insecure (after all everyone can check their content in the github repo), they are not needed for Matomo, so you can configure your webserver to return 404 for requests to them.
Hi Lukas,
thank you for the information. I continue wondering why there are non-required files in the package, but however, I added the files to the list of files to delete after updating so for me this one is solved 
Thanks
Daniel