It has been observed that the Quay version number is displayed on the home page even when users are not authenticated. This behavior has been flagged as a high-severity security finding, particularly in regulated environments like government deployments.
Publicly displayed version information helps attackers: with the exact version in hand, they can look up known vulnerabilities for that release and attempt to exploit them. Exposing version details without authentication is therefore considered a security risk.
Quay has been deployed using the OpenShift Operator. No configuration option has been identified that would allow the version information to be hidden from unauthenticated users.
A configurable parameter is requested to optionally disable or hide the display of version details on the public-facing home page.
Business Impact
This issue has resulted in a high-severity finding during a security audit. The inability to suppress the version display may block compliance with internal security policies and external regulatory standards, potentially affecting authority to operate (ATO) status.