[NIFI-5374] Suppress stacktrace being returned to remote client when using NiFi REST API - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.7.0
Fix Version/s: 1.8.0, 1.7.1
Component/s: Core Framework
Labels:

Description

When a remote user attempts to use an endpoint with a malicious string, Jetty will return a full stacktrace of the error. This provides the remote user with excess information that can be used when attempting to manipulate a system.

This stacktrace should be logged only to the nifi-app.log and the stacktrace suppressed before returning a 500 error to the user.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

image001.png
03/Jul/18 20:43
318 kB
Nathan Gough

Issue Links

links to

GitHub Pull Request #2840

Activity

People

Assignee:: Nathan Gough

Reporter:: Nathan Gough

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 03/Jul/18 20:45

Updated:: 12/Jul/18 01:31

Resolved:: 04/Jul/18 01:21