Details
-
Improvement
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
1.7.0
Description
When a remote user attempts to use an endpoint with a malicious string, Jetty will return a full stacktrace of the error. This provides the remote user with excess information that can be used when attempting to manipulate a system.
This stacktrace should be logged only to the nifi-app.log and the stacktrace suppressed before returning a 500 error to the user.
Attachments
Attachments
Issue Links
- links to