Root discovery disclosing the internal IP and port

Hi All,

We have installed the neo4j community version 4.2.3.

Currently, We are facing security issue where when we are send a GET request on / context. we are getting the internal connection detail.

[root@localhost package]# curl -XGET https://localhost:31474/
{
"bolt_routing" : "neo4j://localhost:7687",
"transaction" : "https://localhost:31474/db/{databaseName}/tx",
"bolt_direct" : "bolt://localhost:7687",
"neo4j_version" : "4.2.3",
"neo4j_edition" : "community"
}[root@localhost package]#

is there any way to solve this issue we tried the dbms.security.auth_enabled=true it is working for all the context (e.g. /db etc) but not working for / context.
After enabling the properties still without passing usrename and password we are able to get the response on / context

Thanks
Amritpal Singh