hadoop-yarn-issues mailing list archives

From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-2528) Cross Origin Filter Http response split vulnerability protection rejects valid origins
Date Fri, 12 Sep 2014 22:50:35 GMT

    [ https://issues.apache.org/jira/browse/YARN-2528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14132246#comment-14132246 ]

Hadoop QA commented on YARN-2528:
---------------------------------

{color:red}-1 overall{color}.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12668481/YARN-2528-v2.patch
  against trunk revision e65ae57.

    {color:green}+1 @author{color}.  The patch does not contain any @author tags.

    {color:green}+1 tests included{color}.  The patch appears to include 1 new or modified
test files.

    {color:green}+1 javac{color}.  The applied patch does not increase the total number of
javac compiler warnings.

    {color:green}+1 javadoc{color}.  There were no new javadoc warning messages.

    {color:green}+1 eclipse:eclipse{color}.  The patch built with eclipse:eclipse.

    {color:green}+1 findbugs{color}.  The patch does not introduce any new Findbugs (version
2.0.3) warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase the total number
of release audit warnings.

    {color:red}-1 core tests{color}.  The patch failed these unit tests in hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice:

                  org.apache.hadoop.yarn.server.applicationhistoryservice.TestFileSystemApplicationHistoryStore

    {color:green}+1 contrib tests{color}.  The patch passed contrib unit tests.

Test results: https://builds.apache.org/job/PreCommit-YARN-Build/4945//testReport/
Console output: https://builds.apache.org/job/PreCommit-YARN-Build/4945//console

This message is automatically generated.

> Cross Origin Filter Http response split vulnerability protection rejects valid origins
> --------------------------------------------------------------------------------------
>
>                 Key: YARN-2528
>                 URL: https://issues.apache.org/jira/browse/YARN-2528
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: timelineserver
>            Reporter: Jonathan Eagles
>            Assignee: Jonathan Eagles
>         Attachments: YARN-2528-v1.patch, YARN-2528-v2-split-header.patch, YARN-2528-v2.patch
>
>
> URLEncoding is too strong of a protection for HTTP Response Split Vulnerability protection
> and major browsers reject the encoded Origin. An adequate protection is simply to remove all
> CRs and LFs, as in the case of PHP's header function.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
