Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-13414

Hide Jetty Server version header in HTTP responses

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.9.0, 3.0.0-beta1, 2.8.2
    • Component/s: security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      Hide Jetty Server version in HTTP Response header. Some security analyzers would think this as an issue.

      1. Aftrerfix.png
        44 kB
        Surendra Singh Lilhore
      2. BeforeFix.png
        59 kB
        Surendra Singh Lilhore
      3. HADOOP-13414-001.patch
        0.8 kB
        Surendra Singh Lilhore
      4. HADOOP-13414-002.patch
        0.9 kB
        Surendra Singh Lilhore
      5. HADOOP-13414-branch-2.patch
        0.8 kB
        Surendra Singh Lilhore

        Activity

        Hide
        surendrasingh Surendra Singh Lilhore added a comment -

        Thanks Vinayakumar B for review and commit.

        Show
        surendrasingh Surendra Singh Lilhore added a comment - Thanks Vinayakumar B for review and commit.
        Hide
        hudson Hudson added a comment -

        SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #11968 (See https://builds.apache.org/job/Hadoop-trunk-Commit/11968/)
        HADOOP-13414. Hide Jetty Server version header in HTTP responses. (vinayakumarb: rev a180ba408128b2d916822e78deb979bbcd1894da)

        • (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
        Show
        hudson Hudson added a comment - SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #11968 (See https://builds.apache.org/job/Hadoop-trunk-Commit/11968/ ) HADOOP-13414 . Hide Jetty Server version header in HTTP responses. (vinayakumarb: rev a180ba408128b2d916822e78deb979bbcd1894da) (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
        Hide
        vinayrpet Vinayakumar B added a comment -

        +1 for branch-2 patch.
        Committed to trunk, branch-2 and branch-2.8
        Thanks Surendra Singh Lilhore for the contribution

        Show
        vinayrpet Vinayakumar B added a comment - +1 for branch-2 patch. Committed to trunk, branch-2 and branch-2.8 Thanks Surendra Singh Lilhore for the contribution
        Hide
        hadoopqa Hadoop QA added a comment -
        -1 overall



        Vote Subsystem Runtime Comment
        0 reexec 0m 20s Docker mode activated.
        +1 @author 0m 0s The patch does not contain any @author tags.
        -1 test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
        +1 mvninstall 7m 7s branch-2 passed
        +1 compile 6m 8s branch-2 passed with JDK v1.8.0_131
        +1 compile 7m 0s branch-2 passed with JDK v1.7.0_131
        +1 checkstyle 0m 26s branch-2 passed
        +1 mvnsite 1m 2s branch-2 passed
        +1 findbugs 1m 47s branch-2 passed
        +1 javadoc 0m 43s branch-2 passed with JDK v1.8.0_131
        +1 javadoc 0m 51s branch-2 passed with JDK v1.7.0_131
        +1 mvninstall 0m 41s the patch passed
        +1 compile 5m 52s the patch passed with JDK v1.8.0_131
        +1 javac 5m 52s the patch passed
        +1 compile 6m 41s the patch passed with JDK v1.7.0_131
        +1 javac 6m 41s the patch passed
        +1 checkstyle 0m 26s the patch passed
        +1 mvnsite 0m 57s the patch passed
        +1 whitespace 0m 0s The patch has no whitespace issues.
        +1 findbugs 1m 54s the patch passed
        +1 javadoc 0m 42s the patch passed with JDK v1.8.0_131
        +1 javadoc 0m 51s the patch passed with JDK v1.7.0_131
        +1 unit 7m 52s hadoop-common in the patch passed with JDK v1.7.0_131.
        +1 asflicense 0m 23s The patch does not generate ASF License warnings.
        61m 30s



        Subsystem Report/Notes
        Docker Image:yetus/hadoop:5e40efe
        JIRA Issue HADOOP-13414
        JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12875666/HADOOP-13414-branch-2.patch
        Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle
        uname Linux ac1f59a54d42 3.13.0-116-generic #163-Ubuntu SMP Fri Mar 31 14:13:22 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
        Build tool maven
        Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
        git revision branch-2 / 3404824
        Default Java 1.7.0_131
        Multi-JDK versions /usr/lib/jvm/java-8-oracle:1.8.0_131 /usr/lib/jvm/java-7-openjdk-amd64:1.7.0_131
        findbugs v3.0.0
        JDK v1.7.0_131 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/12716/testReport/
        modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
        Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/12716/console
        Powered by Apache Yetus 0.5.0-SNAPSHOT http://yetus.apache.org

        This message was automatically generated.

        Show
        hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment 0 reexec 0m 20s Docker mode activated. +1 @author 0m 0s The patch does not contain any @author tags. -1 test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. +1 mvninstall 7m 7s branch-2 passed +1 compile 6m 8s branch-2 passed with JDK v1.8.0_131 +1 compile 7m 0s branch-2 passed with JDK v1.7.0_131 +1 checkstyle 0m 26s branch-2 passed +1 mvnsite 1m 2s branch-2 passed +1 findbugs 1m 47s branch-2 passed +1 javadoc 0m 43s branch-2 passed with JDK v1.8.0_131 +1 javadoc 0m 51s branch-2 passed with JDK v1.7.0_131 +1 mvninstall 0m 41s the patch passed +1 compile 5m 52s the patch passed with JDK v1.8.0_131 +1 javac 5m 52s the patch passed +1 compile 6m 41s the patch passed with JDK v1.7.0_131 +1 javac 6m 41s the patch passed +1 checkstyle 0m 26s the patch passed +1 mvnsite 0m 57s the patch passed +1 whitespace 0m 0s The patch has no whitespace issues. +1 findbugs 1m 54s the patch passed +1 javadoc 0m 42s the patch passed with JDK v1.8.0_131 +1 javadoc 0m 51s the patch passed with JDK v1.7.0_131 +1 unit 7m 52s hadoop-common in the patch passed with JDK v1.7.0_131. +1 asflicense 0m 23s The patch does not generate ASF License warnings. 61m 30s Subsystem Report/Notes Docker Image:yetus/hadoop:5e40efe JIRA Issue HADOOP-13414 JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12875666/HADOOP-13414-branch-2.patch Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle uname Linux ac1f59a54d42 3.13.0-116-generic #163-Ubuntu SMP Fri Mar 31 14:13:22 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux Build tool maven Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh git revision branch-2 / 3404824 Default Java 1.7.0_131 Multi-JDK versions /usr/lib/jvm/java-8-oracle:1.8.0_131 /usr/lib/jvm/java-7-openjdk-amd64:1.7.0_131 findbugs v3.0.0 JDK v1.7.0_131 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/12716/testReport/ modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/12716/console Powered by Apache Yetus 0.5.0-SNAPSHOT http://yetus.apache.org This message was automatically generated.
        Hide
        surendrasingh Surendra Singh Lilhore added a comment -

        Thanks Vinayakumar B for review.
        Attached branch-2 patch..

        Show
        surendrasingh Surendra Singh Lilhore added a comment - Thanks Vinayakumar B for review. Attached branch-2 patch..
        Hide
        vinayrpet Vinayakumar B added a comment - - edited

        +1 for trunk patch.
        Needs separate patch for branch-2*. Please attach a patch for branch-2.
        Thanks

        Show
        vinayrpet Vinayakumar B added a comment - - edited +1 for trunk patch. Needs separate patch for branch-2*. Please attach a patch for branch-2. Thanks
        Hide
        hadoopqa Hadoop QA added a comment -
        -1 overall



        Vote Subsystem Runtime Comment
        0 reexec 0m 12s Docker mode activated.
        +1 @author 0m 0s The patch does not contain any @author tags.
        -1 test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
        +1 mvninstall 16m 38s trunk passed
        +1 compile 17m 45s trunk passed
        +1 checkstyle 0m 40s trunk passed
        +1 mvnsite 1m 19s trunk passed
        +1 findbugs 1m 37s trunk passed
        +1 javadoc 0m 54s trunk passed
        +1 mvninstall 0m 47s the patch passed
        +1 compile 13m 9s the patch passed
        +1 javac 13m 9s the patch passed
        +1 checkstyle 0m 43s the patch passed
        +1 mvnsite 1m 13s the patch passed
        +1 whitespace 0m 0s The patch has no whitespace issues.
        +1 findbugs 1m 57s the patch passed
        +1 javadoc 0m 58s the patch passed
        +1 unit 8m 3s hadoop-common in the patch passed.
        +1 asflicense 0m 34s The patch does not generate ASF License warnings.
        68m 30s



        Subsystem Report/Notes
        Docker Image:yetus/hadoop:14b5c93
        JIRA Issue HADOOP-13414
        JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12875255/HADOOP-13414-002.patch
        Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle
        uname Linux d6532b54d225 3.13.0-119-generic #166-Ubuntu SMP Wed May 3 12:18:55 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
        Build tool maven
        Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
        git revision trunk / 3be2659
        Default Java 1.8.0_131
        findbugs v3.1.0-RC1
        Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/12688/testReport/
        modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
        Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/12688/console
        Powered by Apache Yetus 0.5.0-SNAPSHOT http://yetus.apache.org

        This message was automatically generated.

        Show
        hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment 0 reexec 0m 12s Docker mode activated. +1 @author 0m 0s The patch does not contain any @author tags. -1 test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. +1 mvninstall 16m 38s trunk passed +1 compile 17m 45s trunk passed +1 checkstyle 0m 40s trunk passed +1 mvnsite 1m 19s trunk passed +1 findbugs 1m 37s trunk passed +1 javadoc 0m 54s trunk passed +1 mvninstall 0m 47s the patch passed +1 compile 13m 9s the patch passed +1 javac 13m 9s the patch passed +1 checkstyle 0m 43s the patch passed +1 mvnsite 1m 13s the patch passed +1 whitespace 0m 0s The patch has no whitespace issues. +1 findbugs 1m 57s the patch passed +1 javadoc 0m 58s the patch passed +1 unit 8m 3s hadoop-common in the patch passed. +1 asflicense 0m 34s The patch does not generate ASF License warnings. 68m 30s Subsystem Report/Notes Docker Image:yetus/hadoop:14b5c93 JIRA Issue HADOOP-13414 JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12875255/HADOOP-13414-002.patch Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle uname Linux d6532b54d225 3.13.0-119-generic #166-Ubuntu SMP Wed May 3 12:18:55 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux Build tool maven Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh git revision trunk / 3be2659 Default Java 1.8.0_131 findbugs v3.1.0-RC1 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/12688/testReport/ modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/12688/console Powered by Apache Yetus 0.5.0-SNAPSHOT http://yetus.apache.org This message was automatically generated.
        Hide
        surendrasingh Surendra Singh Lilhore added a comment -

        Thanks Vinayakumar B.
        Attached updated patch.. Please review..

        Show
        surendrasingh Surendra Singh Lilhore added a comment - Thanks Vinayakumar B . Attached updated patch.. Please review..
        Hide
        vinayrpet Vinayakumar B added a comment -

        Hi Surendra Singh Lilhore, looks like patch needs update.
        Can you update the patch?
        Assigning to you..

        Show
        vinayrpet Vinayakumar B added a comment - Hi Surendra Singh Lilhore , looks like patch needs update. Can you update the patch? Assigning to you..
        Hide
        surendrasingh Surendra Singh Lilhore added a comment -

        Hi Vinayakumar B, We fixed this issue internally. I have attached same patch here.. Please review..

        Show
        surendrasingh Surendra Singh Lilhore added a comment - Hi Vinayakumar B , We fixed this issue internally. I have attached same patch here.. Please review..

          People

          • Assignee:
            surendrasingh Surendra Singh Lilhore
            Reporter:
            vinayrpet Vinayakumar B
          • Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development