Hadoop Map/Reduce
  1. Hadoop Map/Reduce
  2. MAPREDUCE-3804

yarn webapp interface vulnerable to cross scripting attacks

    Details

    • Target Version/s:
    • Hadoop Flags:
      Reviewed
    • Release Note:
      fix cross scripting attacks vulnerability through webapp interface.

      Description

      Yarn webapp interface may be vulnerable to certain cross scripting attacks, injected through URL request.

      1. MAPREDUCE_3804_br_0.23.0.patch
        1 kB
        Dave Thompson
      2. MAPREDUCE-3804.patch
        2 kB
        Dave Thompson
      3. MAPREDUCE-3804.patch
        1 kB
        Dave Thompson

        Activity

        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Patch Available Patch Available Open Open
        21h 48m 1 Mahadev konar 04/Feb/12 20:09
        Open Open Patch Available Patch Available
        2d 2h 1m 2 Dave Thompson 06/Feb/12 21:24
        Patch Available Patch Available Resolved Resolved
        1h 18m 1 Robert Joseph Evans 06/Feb/12 22:42
        Resolved Resolved Closed Closed
        27d 4h 7m 1 Arun C Murthy 05/Mar/12 02:49
        Arun C Murthy made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Hide
        Hudson added a comment -

        Integrated in Hadoop-Mapreduce-trunk #982 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/982/)
        MAPREDUCE-3804. yarn webapp interface vulnerable to cross scripting attacks (Dave Thompson via bobby)

        bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241225
        Files :

        • /hadoop/common/trunk/hadoop-mapreduce-project/CHANGES.txt
        • /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java
        • /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Show
        Hudson added a comment - Integrated in Hadoop-Mapreduce-trunk #982 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/982/ ) MAPREDUCE-3804 . yarn webapp interface vulnerable to cross scripting attacks (Dave Thompson via bobby) bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241225 Files : /hadoop/common/trunk/hadoop-mapreduce-project/CHANGES.txt /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Hide
        Hudson added a comment -

        Integrated in Hadoop-Mapreduce-0.23-Build #184 (See https://builds.apache.org/job/Hadoop-Mapreduce-0.23-Build/184/)
        svn merge -c 1241225 fixes MAPREDUCE-3804

        bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241230
        Files :

        • /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/CHANGES.txt
        • /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java
        • /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Show
        Hudson added a comment - Integrated in Hadoop-Mapreduce-0.23-Build #184 (See https://builds.apache.org/job/Hadoop-Mapreduce-0.23-Build/184/ ) svn merge -c 1241225 fixes MAPREDUCE-3804 bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241230 Files : /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/CHANGES.txt /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Hide
        Hudson added a comment -

        Integrated in Hadoop-Hdfs-0.23-Build #162 (See https://builds.apache.org/job/Hadoop-Hdfs-0.23-Build/162/)
        svn merge -c 1241225 fixes MAPREDUCE-3804

        bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241230
        Files :

        • /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/CHANGES.txt
        • /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java
        • /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Show
        Hudson added a comment - Integrated in Hadoop-Hdfs-0.23-Build #162 (See https://builds.apache.org/job/Hadoop-Hdfs-0.23-Build/162/ ) svn merge -c 1241225 fixes MAPREDUCE-3804 bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241230 Files : /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/CHANGES.txt /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Hide
        Hudson added a comment -

        Integrated in Hadoop-Hdfs-trunk #949 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/949/)
        MAPREDUCE-3804. yarn webapp interface vulnerable to cross scripting attacks (Dave Thompson via bobby)

        bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241225
        Files :

        • /hadoop/common/trunk/hadoop-mapreduce-project/CHANGES.txt
        • /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java
        • /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Show
        Hudson added a comment - Integrated in Hadoop-Hdfs-trunk #949 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/949/ ) MAPREDUCE-3804 . yarn webapp interface vulnerable to cross scripting attacks (Dave Thompson via bobby) bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241225 Files : /hadoop/common/trunk/hadoop-mapreduce-project/CHANGES.txt /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Hide
        Hudson added a comment -

        Integrated in Hadoop-Mapreduce-0.23-Commit #510 (See https://builds.apache.org/job/Hadoop-Mapreduce-0.23-Commit/510/)
        svn merge -c 1241225 fixes MAPREDUCE-3804

        bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241230
        Files :

        • /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/CHANGES.txt
        • /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java
        • /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Show
        Hudson added a comment - Integrated in Hadoop-Mapreduce-0.23-Commit #510 (See https://builds.apache.org/job/Hadoop-Mapreduce-0.23-Commit/510/ ) svn merge -c 1241225 fixes MAPREDUCE-3804 bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241230 Files : /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/CHANGES.txt /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Hide
        Hudson added a comment -

        Integrated in Hadoop-Mapreduce-trunk-Commit #1687 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Commit/1687/)
        MAPREDUCE-3804. yarn webapp interface vulnerable to cross scripting attacks (Dave Thompson via bobby)

        bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241225
        Files :

        • /hadoop/common/trunk/hadoop-mapreduce-project/CHANGES.txt
        • /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java
        • /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Show
        Hudson added a comment - Integrated in Hadoop-Mapreduce-trunk-Commit #1687 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Commit/1687/ ) MAPREDUCE-3804 . yarn webapp interface vulnerable to cross scripting attacks (Dave Thompson via bobby) bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241225 Files : /hadoop/common/trunk/hadoop-mapreduce-project/CHANGES.txt /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Hide
        Hudson added a comment -

        Integrated in Hadoop-Common-0.23-Commit #500 (See https://builds.apache.org/job/Hadoop-Common-0.23-Commit/500/)
        svn merge -c 1241225 fixes MAPREDUCE-3804

        bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241230
        Files :

        • /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/CHANGES.txt
        • /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java
        • /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Show
        Hudson added a comment - Integrated in Hadoop-Common-0.23-Commit #500 (See https://builds.apache.org/job/Hadoop-Common-0.23-Commit/500/ ) svn merge -c 1241225 fixes MAPREDUCE-3804 bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241230 Files : /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/CHANGES.txt /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Hide
        Hudson added a comment -

        Integrated in Hadoop-Hdfs-0.23-Commit #489 (See https://builds.apache.org/job/Hadoop-Hdfs-0.23-Commit/489/)
        svn merge -c 1241225 fixes MAPREDUCE-3804

        bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241230
        Files :

        • /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/CHANGES.txt
        • /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java
        • /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Show
        Hudson added a comment - Integrated in Hadoop-Hdfs-0.23-Commit #489 (See https://builds.apache.org/job/Hadoop-Hdfs-0.23-Commit/489/ ) svn merge -c 1241225 fixes MAPREDUCE-3804 bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241230 Files : /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/CHANGES.txt /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Hide
        Hudson added a comment -

        Integrated in Hadoop-Common-trunk-Commit #1673 (See https://builds.apache.org/job/Hadoop-Common-trunk-Commit/1673/)
        MAPREDUCE-3804. yarn webapp interface vulnerable to cross scripting attacks (Dave Thompson via bobby)

        bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241225
        Files :

        • /hadoop/common/trunk/hadoop-mapreduce-project/CHANGES.txt
        • /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java
        • /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Show
        Hudson added a comment - Integrated in Hadoop-Common-trunk-Commit #1673 (See https://builds.apache.org/job/Hadoop-Common-trunk-Commit/1673/ ) MAPREDUCE-3804 . yarn webapp interface vulnerable to cross scripting attacks (Dave Thompson via bobby) bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241225 Files : /hadoop/common/trunk/hadoop-mapreduce-project/CHANGES.txt /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Hide
        Hudson added a comment -

        Integrated in Hadoop-Hdfs-trunk-Commit #1746 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk-Commit/1746/)
        MAPREDUCE-3804. yarn webapp interface vulnerable to cross scripting attacks (Dave Thompson via bobby)

        bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241225
        Files :

        • /hadoop/common/trunk/hadoop-mapreduce-project/CHANGES.txt
        • /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java
        • /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Show
        Hudson added a comment - Integrated in Hadoop-Hdfs-trunk-Commit #1746 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk-Commit/1746/ ) MAPREDUCE-3804 . yarn webapp interface vulnerable to cross scripting attacks (Dave Thompson via bobby) bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241225 Files : /hadoop/common/trunk/hadoop-mapreduce-project/CHANGES.txt /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
        Hide
        Robert Joseph Evans added a comment -

        @Mahadev, I did rerun org.apache.hadoop.yarn.server.nodemanager.containermanager.monitor.TestContainersMonitor myself before committing and it passed.

        Show
        Robert Joseph Evans added a comment - @Mahadev, I did rerun org.apache.hadoop.yarn.server.nodemanager.containermanager.monitor.TestContainersMonitor myself before committing and it passed.
        Robert Joseph Evans made changes -
        Status Patch Available [ 10002 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Hide
        Robert Joseph Evans added a comment -

        Thanks Dave, I just committed this to trunk and 0.23

        Show
        Robert Joseph Evans added a comment - Thanks Dave, I just committed this to trunk and 0.23
        Hide
        Mahadev konar added a comment -

        @bobby/Dave,
        The reason TestContainersMonitor fails is due to MAPREDUCE-3583. I'd suggest re running through hudson just to make sure everything else is fine.

        Show
        Mahadev konar added a comment - @bobby/Dave, The reason TestContainersMonitor fails is due to MAPREDUCE-3583 . I'd suggest re running through hudson just to make sure everything else is fine.
        Hide
        Robert Joseph Evans added a comment -

        The patch looks good to me +1. Could you please file a separate JIRA for the failure in org.apache.hadoop.yarn.server.nodemanager.containermanager.monitor.TestContainersMonitor. It appears to not be related to this fix at all, but I could not find another JIRA for it, even though I found others where it also failed for them.

        Show
        Robert Joseph Evans added a comment - The patch looks good to me +1. Could you please file a separate JIRA for the failure in org.apache.hadoop.yarn.server.nodemanager.containermanager.monitor.TestContainersMonitor. It appears to not be related to this fix at all, but I could not find another JIRA for it, even though I found others where it also failed for them.
        Hide
        Hadoop QA added a comment -

        -1 overall. Here are the results of testing the latest attachment
        http://issues.apache.org/jira/secure/attachment/12513499/MAPREDUCE-3804.patch
        against trunk revision .

        +1 @author. The patch does not contain any @author tags.

        -1 tests included. The patch doesn't appear to include any new or modified tests.
        Please justify why no new tests are needed for this patch.
        Also please list what manual steps were performed to verify this patch.

        +1 javadoc. The javadoc tool did not generate any warning messages.

        +1 javac. The applied patch does not increase the total number of javac compiler warnings.

        +1 eclipse:eclipse. The patch built with eclipse:eclipse.

        +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

        +1 release audit. The applied patch does not increase the total number of release audit warnings.

        -1 core tests. The patch failed these unit tests:
        org.apache.hadoop.yarn.server.nodemanager.containermanager.monitor.TestContainersMonitor

        +1 contrib tests. The patch passed contrib unit tests.

        Test results: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1797//testReport/
        Console output: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1797//console

        This message is automatically generated.

        Show
        Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12513499/MAPREDUCE-3804.patch against trunk revision . +1 @author. The patch does not contain any @author tags. -1 tests included. The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. +1 eclipse:eclipse. The patch built with eclipse:eclipse. +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. -1 core tests. The patch failed these unit tests: org.apache.hadoop.yarn.server.nodemanager.containermanager.monitor.TestContainersMonitor +1 contrib tests. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1797//testReport/ Console output: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1797//console This message is automatically generated.
        Dave Thompson made changes -
        Status Open [ 1 ] Patch Available [ 10002 ]
        Dave Thompson made changes -
        Attachment MAPREDUCE-3804.patch [ 12513499 ]
        Hide
        Dave Thompson added a comment -

        Patch fixes above findbug issue. Also corrects vulnerability when containers are present.

        Show
        Dave Thompson added a comment - Patch fixes above findbug issue. Also corrects vulnerability when containers are present.
        Mahadev konar made changes -
        Status Patch Available [ 10002 ] Open [ 1 ]
        Hide
        Mahadev konar added a comment -

        @Dave,
        Can you please take a look at the findbugs issue?

        Show
        Mahadev konar added a comment - @Dave, Can you please take a look at the findbugs issue?
        Hide
        Hadoop QA added a comment -

        -1 overall. Here are the results of testing the latest attachment
        http://issues.apache.org/jira/secure/attachment/12513191/MAPREDUCE-3804.patch
        against trunk revision .

        +1 @author. The patch does not contain any @author tags.

        -1 tests included. The patch doesn't appear to include any new or modified tests.
        Please justify why no new tests are needed for this patch.
        Also please list what manual steps were performed to verify this patch.

        +1 javadoc. The javadoc tool did not generate any warning messages.

        +1 javac. The applied patch does not increase the total number of javac compiler warnings.

        +1 eclipse:eclipse. The patch built with eclipse:eclipse.

        -1 findbugs. The patch appears to introduce 1 new Findbugs (version 1.3.9) warnings.

        +1 release audit. The applied patch does not increase the total number of release audit warnings.

        +1 core tests. The patch passed unit tests in .

        +1 contrib tests. The patch passed contrib unit tests.

        Test results: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1766//testReport/
        Findbugs warnings: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1766//artifact/trunk/hadoop-mapreduce-project/patchprocess/newPatchFindbugsWarningshadoop-yarn-common.html
        Console output: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1766//console

        This message is automatically generated.

        Show
        Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12513191/MAPREDUCE-3804.patch against trunk revision . +1 @author. The patch does not contain any @author tags. -1 tests included. The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. +1 eclipse:eclipse. The patch built with eclipse:eclipse. -1 findbugs. The patch appears to introduce 1 new Findbugs (version 1.3.9) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. +1 core tests. The patch passed unit tests in . +1 contrib tests. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1766//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1766//artifact/trunk/hadoop-mapreduce-project/patchprocess/newPatchFindbugsWarningshadoop-yarn-common.html Console output: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1766//console This message is automatically generated.
        Mahadev konar made changes -
        Component/s mrv2 [ 12314301 ]
        Dave Thompson made changes -
        Attachment MAPREDUCE-3804.patch [ 12513191 ]
        Dave Thompson made changes -
        Status Open [ 1 ] Patch Available [ 10002 ]
        Hadoop Flags Reviewed [ 10343 ]
        Release Note fix cross scripting attacks vulnerability through webapp interface.
        Target Version/s 0.23.1 [ 12318883 ]
        Dave Thompson made changes -
        Field Original Value New Value
        Attachment MAPREDUCE_3804_br_0.23.0.patch [ 12513188 ]
        Hide
        Dave Thompson added a comment -

        Patch to prevent cross scripting vulnerability through webapp interface.

        Show
        Dave Thompson added a comment - Patch to prevent cross scripting vulnerability through webapp interface.
        Dave Thompson created issue -

          People

          • Assignee:
            Dave Thompson
            Reporter:
            Dave Thompson
          • Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development