Comment From: mbhave
As discussed on the team call, the info endpoint could contain potentially sensitive information such as versions, git commit information etc. Unlike the health endpoint which shows limited information by default, exposing the /info endpoint's information by default on the web might lead to accidental exposure of some of this information.
Comment From: mbhave
Since the response of the info endpoint does not contain anything by default, I'm going to close this one. Configuring the InfoContributors is an additional step and at that point the user can make a decision about whether the information being exposed is sensitive or not (similar to the /health).
Comment From: bclozel
See #24533