From 3b9f8229d441b4cee5f0ee02929eb1dc8165c65c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?= <mail@jan-boehmer.de>
Date: Sun, 3 May 2026 22:21:45 +0200
Subject: [PATCH] Report 'not authorized' for version in health endpoint if
 user lacks permission

---
 src/Controller/UpdateManagerController.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/Controller/UpdateManagerController.php b/src/Controller/UpdateManagerController.php
index d74f94c0..4901da48 100644
--- a/src/Controller/UpdateManagerController.php
+++ b/src/Controller/UpdateManagerController.php
@@ -596,6 +596,8 @@ class UpdateManagerController extends AbstractController
 
         if ($this->isGranted('@system.show_updates')) {
             $response['version'] = $this->versionManager->getVersion()->toString();
+        } else {
+            $response['version'] = "not authorized";
         }
 
         return $this->json($response);