hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Joseph Evans (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MAPREDUCE-3804) yarn webapp interface vulnerable to cross scripting attacks
Date Mon, 06 Feb 2012 22:00:59 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-3804?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13201652#comment-13201652

Robert Joseph Evans commented on MAPREDUCE-3804:

The patch looks good to me +1.  Could you please file a separate JIRA for the failure in org.apache.hadoop.yarn.server.nodemanager.containermanager.monitor.TestContainersMonitor.
 It appears to not be related to this fix at all, but I could not find another JIRA for it,
even though I found others where it also failed for them.
> yarn webapp interface vulnerable to cross scripting attacks
> -----------------------------------------------------------
>                 Key: MAPREDUCE-3804
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-3804
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: jobhistoryserver, mrv2, resourcemanager
>    Affects Versions: 0.23.0
>            Reporter: Dave Thompson
>            Assignee: Dave Thompson
>             Fix For: 0.23.1
>         Attachments: MAPREDUCE-3804.patch, MAPREDUCE-3804.patch, MAPREDUCE_3804_br_0.23.0.patch
> Yarn webapp interface may be vulnerable to certain cross scripting attacks, injected
through URL request.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message