Hadoop Map/Reduce
  1. Hadoop Map/Reduce
  2. MAPREDUCE-3804

yarn webapp interface vulnerable to cross scripting attacks

    Details

    • Target Version/s:
    • Hadoop Flags:
      Reviewed
    • Release Note:
      fix cross scripting attacks vulnerability through webapp interface.

      Description

      Yarn webapp interface may be vulnerable to certain cross scripting attacks, injected through URL request.

      1. MAPREDUCE_3804_br_0.23.0.patch
        1 kB
        Dave Thompson
      2. MAPREDUCE-3804.patch
        1 kB
        Dave Thompson
      3. MAPREDUCE-3804.patch
        2 kB
        Dave Thompson

        Activity

        Hide
        Hudson added a comment -

        Integrated in Hadoop-Mapreduce-trunk #982 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/982/)
        MAPREDUCE-3804. yarn webapp interface vulnerable to cross scripting attacks (Dave Thompson via bobby)

        bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241225
        Files :

        • /hadoop/common/trunk/hadoop-mapreduce-project/CHANGES.txt
        • /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java
        • /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Show
        Hudson added a comment - Integrated in Hadoop-Mapreduce-trunk #982 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/982/ ) MAPREDUCE-3804 . yarn webapp interface vulnerable to cross scripting attacks (Dave Thompson via bobby) bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241225 Files : /hadoop/common/trunk/hadoop-mapreduce-project/CHANGES.txt /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Hide
        Hudson added a comment -

        Integrated in Hadoop-Mapreduce-0.23-Build #184 (See https://builds.apache.org/job/Hadoop-Mapreduce-0.23-Build/184/)
        svn merge -c 1241225 fixes MAPREDUCE-3804

        bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241230
        Files :

        • /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/CHANGES.txt
        • /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java
        • /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Show
        Hudson added a comment - Integrated in Hadoop-Mapreduce-0.23-Build #184 (See https://builds.apache.org/job/Hadoop-Mapreduce-0.23-Build/184/ ) svn merge -c 1241225 fixes MAPREDUCE-3804 bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241230 Files : /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/CHANGES.txt /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Hide
        Hudson added a comment -

        Integrated in Hadoop-Hdfs-0.23-Build #162 (See https://builds.apache.org/job/Hadoop-Hdfs-0.23-Build/162/)
        svn merge -c 1241225 fixes MAPREDUCE-3804

        bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241230
        Files :

        • /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/CHANGES.txt
        • /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java
        • /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Show
        Hudson added a comment - Integrated in Hadoop-Hdfs-0.23-Build #162 (See https://builds.apache.org/job/Hadoop-Hdfs-0.23-Build/162/ ) svn merge -c 1241225 fixes MAPREDUCE-3804 bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241230 Files : /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/CHANGES.txt /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Hide
        Hudson added a comment -

        Integrated in Hadoop-Hdfs-trunk #949 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/949/)
        MAPREDUCE-3804. yarn webapp interface vulnerable to cross scripting attacks (Dave Thompson via bobby)

        bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241225
        Files :

        • /hadoop/common/trunk/hadoop-mapreduce-project/CHANGES.txt
        • /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java
        • /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Show
        Hudson added a comment - Integrated in Hadoop-Hdfs-trunk #949 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/949/ ) MAPREDUCE-3804 . yarn webapp interface vulnerable to cross scripting attacks (Dave Thompson via bobby) bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241225 Files : /hadoop/common/trunk/hadoop-mapreduce-project/CHANGES.txt /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Hide
        Hudson added a comment -

        Integrated in Hadoop-Mapreduce-0.23-Commit #510 (See https://builds.apache.org/job/Hadoop-Mapreduce-0.23-Commit/510/)
        svn merge -c 1241225 fixes MAPREDUCE-3804

        bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241230
        Files :

        • /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/CHANGES.txt
        • /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java
        • /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Show
        Hudson added a comment - Integrated in Hadoop-Mapreduce-0.23-Commit #510 (See https://builds.apache.org/job/Hadoop-Mapreduce-0.23-Commit/510/ ) svn merge -c 1241225 fixes MAPREDUCE-3804 bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241230 Files : /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/CHANGES.txt /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Hide
        Hudson added a comment -

        Integrated in Hadoop-Mapreduce-trunk-Commit #1687 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Commit/1687/)
        MAPREDUCE-3804. yarn webapp interface vulnerable to cross scripting attacks (Dave Thompson via bobby)

        bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241225
        Files :

        • /hadoop/common/trunk/hadoop-mapreduce-project/CHANGES.txt
        • /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java
        • /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Show
        Hudson added a comment - Integrated in Hadoop-Mapreduce-trunk-Commit #1687 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Commit/1687/ ) MAPREDUCE-3804 . yarn webapp interface vulnerable to cross scripting attacks (Dave Thompson via bobby) bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241225 Files : /hadoop/common/trunk/hadoop-mapreduce-project/CHANGES.txt /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Hide
        Hudson added a comment -

        Integrated in Hadoop-Common-0.23-Commit #500 (See https://builds.apache.org/job/Hadoop-Common-0.23-Commit/500/)
        svn merge -c 1241225 fixes MAPREDUCE-3804

        bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241230
        Files :

        • /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/CHANGES.txt
        • /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java
        • /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Show
        Hudson added a comment - Integrated in Hadoop-Common-0.23-Commit #500 (See https://builds.apache.org/job/Hadoop-Common-0.23-Commit/500/ ) svn merge -c 1241225 fixes MAPREDUCE-3804 bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241230 Files : /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/CHANGES.txt /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Hide
        Hudson added a comment -

        Integrated in Hadoop-Hdfs-0.23-Commit #489 (See https://builds.apache.org/job/Hadoop-Hdfs-0.23-Commit/489/)
        svn merge -c 1241225 fixes MAPREDUCE-3804

        bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241230
        Files :

        • /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/CHANGES.txt
        • /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java
        • /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Show
        Hudson added a comment - Integrated in Hadoop-Hdfs-0.23-Commit #489 (See https://builds.apache.org/job/Hadoop-Hdfs-0.23-Commit/489/ ) svn merge -c 1241225 fixes MAPREDUCE-3804 bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241230 Files : /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/CHANGES.txt /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Hide
        Hudson added a comment -

        Integrated in Hadoop-Common-trunk-Commit #1673 (See https://builds.apache.org/job/Hadoop-Common-trunk-Commit/1673/)
        MAPREDUCE-3804. yarn webapp interface vulnerable to cross scripting attacks (Dave Thompson via bobby)

        bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241225
        Files :

        • /hadoop/common/trunk/hadoop-mapreduce-project/CHANGES.txt
        • /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java
        • /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Show
        Hudson added a comment - Integrated in Hadoop-Common-trunk-Commit #1673 (See https://builds.apache.org/job/Hadoop-Common-trunk-Commit/1673/ ) MAPREDUCE-3804 . yarn webapp interface vulnerable to cross scripting attacks (Dave Thompson via bobby) bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241225 Files : /hadoop/common/trunk/hadoop-mapreduce-project/CHANGES.txt /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Hide
        Hudson added a comment -

        Integrated in Hadoop-Hdfs-trunk-Commit #1746 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk-Commit/1746/)
        MAPREDUCE-3804. yarn webapp interface vulnerable to cross scripting attacks (Dave Thompson via bobby)

        bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241225
        Files :

        • /hadoop/common/trunk/hadoop-mapreduce-project/CHANGES.txt
        • /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java
        • /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Show
        Hudson added a comment - Integrated in Hadoop-Hdfs-trunk-Commit #1746 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk-Commit/1746/ ) MAPREDUCE-3804 . yarn webapp interface vulnerable to cross scripting attacks (Dave Thompson via bobby) bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241225 Files : /hadoop/common/trunk/hadoop-mapreduce-project/CHANGES.txt /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Hide
        Robert Joseph Evans added a comment -

        @Mahadev, I did rerun org.apache.hadoop.yarn.server.nodemanager.containermanager.monitor.TestContainersMonitor myself before committing and it passed.

        Show
        Robert Joseph Evans added a comment - @Mahadev, I did rerun org.apache.hadoop.yarn.server.nodemanager.containermanager.monitor.TestContainersMonitor myself before committing and it passed.
        Hide
        Robert Joseph Evans added a comment -

        Thanks Dave, I just committed this to trunk and 0.23

        Show
        Robert Joseph Evans added a comment - Thanks Dave, I just committed this to trunk and 0.23
        Hide
        Mahadev konar added a comment -

        @bobby/Dave,
        The reason TestContainersMonitor fails is due to MAPREDUCE-3583. I'd suggest re running through hudson just to make sure everything else is fine.

        Show
        Mahadev konar added a comment - @bobby/Dave, The reason TestContainersMonitor fails is due to MAPREDUCE-3583 . I'd suggest re running through hudson just to make sure everything else is fine.
        Hide
        Robert Joseph Evans added a comment -

        The patch looks good to me +1. Could you please file a separate JIRA for the failure in org.apache.hadoop.yarn.server.nodemanager.containermanager.monitor.TestContainersMonitor. It appears to not be related to this fix at all, but I could not find another JIRA for it, even though I found others where it also failed for them.

        Show
        Robert Joseph Evans added a comment - The patch looks good to me +1. Could you please file a separate JIRA for the failure in org.apache.hadoop.yarn.server.nodemanager.containermanager.monitor.TestContainersMonitor. It appears to not be related to this fix at all, but I could not find another JIRA for it, even though I found others where it also failed for them.
        Hide
        Hadoop QA added a comment -

        -1 overall. Here are the results of testing the latest attachment
        http://issues.apache.org/jira/secure/attachment/12513499/MAPREDUCE-3804.patch
        against trunk revision .

        +1 @author. The patch does not contain any @author tags.

        -1 tests included. The patch doesn't appear to include any new or modified tests.
        Please justify why no new tests are needed for this patch.
        Also please list what manual steps were performed to verify this patch.

        +1 javadoc. The javadoc tool did not generate any warning messages.

        +1 javac. The applied patch does not increase the total number of javac compiler warnings.

        +1 eclipse:eclipse. The patch built with eclipse:eclipse.

        +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

        +1 release audit. The applied patch does not increase the total number of release audit warnings.

        -1 core tests. The patch failed these unit tests:
        org.apache.hadoop.yarn.server.nodemanager.containermanager.monitor.TestContainersMonitor

        +1 contrib tests. The patch passed contrib unit tests.

        Test results: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1797//testReport/
        Console output: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1797//console

        This message is automatically generated.

        Show
        Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12513499/MAPREDUCE-3804.patch against trunk revision . +1 @author. The patch does not contain any @author tags. -1 tests included. The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. +1 eclipse:eclipse. The patch built with eclipse:eclipse. +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. -1 core tests. The patch failed these unit tests: org.apache.hadoop.yarn.server.nodemanager.containermanager.monitor.TestContainersMonitor +1 contrib tests. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1797//testReport/ Console output: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1797//console This message is automatically generated.
        Hide
        Dave Thompson added a comment -

        Patch fixes above findbug issue. Also corrects vulnerability when containers are present.

        Show
        Dave Thompson added a comment - Patch fixes above findbug issue. Also corrects vulnerability when containers are present.
        Hide
        Mahadev konar added a comment -

        @Dave,
        Can you please take a look at the findbugs issue?

        Show
        Mahadev konar added a comment - @Dave, Can you please take a look at the findbugs issue?
        Hide
        Hadoop QA added a comment -

        -1 overall. Here are the results of testing the latest attachment
        http://issues.apache.org/jira/secure/attachment/12513191/MAPREDUCE-3804.patch
        against trunk revision .

        +1 @author. The patch does not contain any @author tags.

        -1 tests included. The patch doesn't appear to include any new or modified tests.
        Please justify why no new tests are needed for this patch.
        Also please list what manual steps were performed to verify this patch.

        +1 javadoc. The javadoc tool did not generate any warning messages.

        +1 javac. The applied patch does not increase the total number of javac compiler warnings.

        +1 eclipse:eclipse. The patch built with eclipse:eclipse.

        -1 findbugs. The patch appears to introduce 1 new Findbugs (version 1.3.9) warnings.

        +1 release audit. The applied patch does not increase the total number of release audit warnings.

        +1 core tests. The patch passed unit tests in .

        +1 contrib tests. The patch passed contrib unit tests.

        Test results: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1766//testReport/
        Findbugs warnings: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1766//artifact/trunk/hadoop-mapreduce-project/patchprocess/newPatchFindbugsWarningshadoop-yarn-common.html
        Console output: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1766//console

        This message is automatically generated.

        Show
        Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12513191/MAPREDUCE-3804.patch against trunk revision . +1 @author. The patch does not contain any @author tags. -1 tests included. The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. +1 eclipse:eclipse. The patch built with eclipse:eclipse. -1 findbugs. The patch appears to introduce 1 new Findbugs (version 1.3.9) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. +1 core tests. The patch passed unit tests in . +1 contrib tests. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1766//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1766//artifact/trunk/hadoop-mapreduce-project/patchprocess/newPatchFindbugsWarningshadoop-yarn-common.html Console output: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1766//console This message is automatically generated.
        Hide
        Dave Thompson added a comment -

        Patch to prevent cross scripting vulnerability through webapp interface.

        Show
        Dave Thompson added a comment - Patch to prevent cross scripting vulnerability through webapp interface.

          People

          • Assignee:
            Dave Thompson
            Reporter:
            Dave Thompson
          • Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development