  1. Apache NiFi
  2. NIFI-5374

Suppress stacktrace being returned to remote client when using NiFi REST API


    Details

      Description

      When a remote user attempts to use an endpoint with a malicious string, Jetty will return a full stacktrace of the error. This provides the remote user with excess information that can be used when attempting to manipulate a system.

      This stacktrace should be logged only to the nifi-app.log and the stacktrace suppressed before returning a 500 error to the user.
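
One way to get the behaviour requested above, shown as an added example that is not NiFi's own code or its actual fix: a servlet filter that writes the full stack trace to the application log and returns a generic 500 with a correlation id. The class name is hypothetical, and it assumes the `javax.servlet` API, SLF4J, and a logging configuration that routes this logger to nifi-app.log.

```java
import java.io.IOException;
import java.util.UUID;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/** Hypothetical filter: logs the stack trace server-side, returns a generic 500. */
public class StackTraceSuppressionFilter implements Filter {
    private static final Logger logger =
            LoggerFactory.getLogger(StackTraceSuppressionFilter.class);

    @Override
    public void init(FilterConfig filterConfig) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        try {
            chain.doFilter(req, res);
        } catch (IOException | ServletException | RuntimeException e) {
            HttpServletRequest request = (HttpServletRequest) req;
            HttpServletResponse response = (HttpServletResponse) res;
            // Correlation id lets an operator find the logged trace from a client report.
            String errorId = UUID.randomUUID().toString();
            // Full detail, including the stack trace, goes only to the application log.
            // getRequestURI() is the undecoded URI, so CR/LF stay percent-encoded.
            logger.error("Unhandled error [{}] on {} {}",
                    errorId, request.getMethod(), request.getRequestURI(), e);
            if (response.isCommitted()) {
                return; // Headers already sent; nothing more can safely be written.
            }
            response.reset(); // Drop any partial body or headers from before the failure.
            response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            response.setContentType("text/plain");
            response.setCharacterEncoding("UTF-8");
            // No exception message or class name in the body: both can leak internals.
            response.getWriter().write(
                    "An unexpected error has occurred. Reference: " + errorId);
        }
    }

    @Override
    public void destroy() { }
}
```

A filter only sees exceptions thrown inside the filter chain; errors the container raises before dispatch still go through the container's own error page and need its stack trace display turned off separately.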


            People

            • Assignee:
              thenatog Nathan Gough
              Reporter:
              thenatog Nathan Gough
