Deleting bower.json and composer.json


(Daniel Calliess) #1

Hi,

in an Acunetix report I’ve been told to delete those two files from my Matomo installation:

Development configuration files have been found that might disclose sensitive information.

Are these files required to run Matomo? And if not, why are they part of the installation?

Thanks
Daniel


(Lukas Winkler) #2

Hi,

While I don’t think that showing these files is insecure (after all, everyone can check their content in the GitHub repo), they are not needed for Matomo, so you can configure your webserver to return 404 for requests to them.
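
One way to confirm that the web server really refuses the two files once it has been configured as described above (an added example, not part of the original thread or of Matomo). The URL `https://matomo.example.org` and all function names are assumptions made for the illustration; without an argument the script runs against constructed responses only.

```python
import sys
import urllib.error
import urllib.request

# The two files named in the thread; extend if a scanner flags others.
DEV_FILES = ("bower.json", "composer.json")

# Constructed responses for an offline dry run: one file blocked, one still served.
SAMPLE = {
    "https://matomo.example.org/bower.json": 404,
    "https://matomo.example.org/composer.json": 200,
}


def http_status(url, timeout=5):
    """Return the final HTTP status for a GET of url, or None if unreachable."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:  # 4xx/5xx arrive as exceptions
        return err.code
    except (urllib.error.URLError, OSError):
        return None


def check_dev_files(base_url, names=DEV_FILES, fetch=http_status):
    """Map each file name to the status the server returns for it."""
    base = base_url.rstrip("/") + "/"
    return {name: fetch(base + name) for name in names}


def still_served(statuses):
    """Names the server still delivers (2xx) instead of refusing."""
    return sorted(n for n, s in statuses.items()
                  if s is not None and 200 <= s < 300)


if __name__ == "__main__":
    if len(sys.argv) > 1:   # real check against your own installation
        statuses = check_dev_files(sys.argv[1])
    else:                   # dry run on the constructed sample
        statuses = check_dev_files("https://matomo.example.org", fetch=SAMPLE.get)
    for name, status in statuses.items():
        print(f"{name}: {status}")
    sys.exit(1 if still_served(statuses) else 0)
```

The non-zero exit code when a file is still served lets the check run as a step after each Matomo update.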


(Daniel Calliess) #3

Hi Lukas,

thank you for the information. I continue wondering why there are non-required files in the package; however, I added the files to the list of files to delete after updating, so for me this one is solved 🙂

Thanks
Daniel