  1. Apache NiFi
  2. NIFI-5374

Suppress stacktrace being returned to remote client when using NiFi REST API


Details

    Description

      When a remote user attempts to use an endpoint with a malicious string, Jetty will return a full stacktrace of the error. This provides the remote user with excess information that can be used when attempting to manipulate a system.

      This stacktrace should be logged only to the nifi-app.log and the stacktrace suppressed before returning a 500 error to the user.
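One way to get the behaviour requested above, as an added example that is not NiFi's own code or the fix applied for this issue: a catch-all JAX-RS exception mapper that writes the stack trace to the server log and returns only a generic body with a correlation ID. It assumes the REST layer is JAX-RS (`javax.ws.rs`) with SLF4J routed to the application log; the class name `GenericErrorMapper` and the message wording are hypothetical.

```java
import java.util.UUID;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/** Hypothetical catch-all mapper: full detail goes to the log, none to the client. */
@Provider
public class GenericErrorMapper implements ExceptionMapper<Throwable> {

    private static final Logger logger = LoggerFactory.getLogger(GenericErrorMapper.class);

    @Override
    public Response toResponse(final Throwable exception) {
        // The correlation ID is the only error detail the client receives;
        // operators use it to find the matching stack trace in the log.
        final String errorId = UUID.randomUUID().toString();

        // Keep the status of deliberate client errors (400, 404, ...), but
        // replace the entity so no exception text is reflected to the caller.
        if (exception instanceof WebApplicationException) {
            final int status = ((WebApplicationException) exception).getResponse().getStatus();
            if (status >= 400 && status < 500) {
                logger.info("Client error {} [errorId={}]", status, errorId, exception);
                return plainText(status, "The request could not be processed. Error ID: " + errorId);
            }
        }

        // Everything else is a server fault: log the stack trace, return a bare 500.
        logger.error("Unhandled exception in REST API [errorId={}]", errorId, exception);
        return plainText(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(),
                "An unexpected error has occurred. Error ID: " + errorId);
    }

    private static Response plainText(final int status, final String body) {
        // Never include exception.getMessage(): it can echo attacker-supplied
        // input as well as class names and internal paths.
        return Response.status(status).entity(body).type(MediaType.TEXT_PLAIN).build();
    }
}
```

Errors raised before the request reaches the JAX-RS layer are rendered by Jetty's own error handler, so `ErrorHandler.setShowStacks(false)` on the Jetty side covers that path.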

          People

            thenatog Nathan Gough