Georg Henzler created FELIX-6133:
------------------------------------
Summary: HC ServiceUnavailableFilter should not include execution
result by default
Key: FELIX-6133
URL: https://issues.apache.org/jira/browse/FELIX-6133
Project: Felix
Issue Type: Improvement
Components: Health Checks
Affects Versions: healthcheck.core 2.0.6
Reporter: Georg Henzler
Assignee: Georg Henzler
Fix For: healthcheck.core 2.0.8
Currently the execution result is included by default in 503 responses. To
follow the principle "Security by default" and not give away any
information to a potential attacker, the default should be false.
NOTE: For many cases a value includeExecutionResult=true is fine because 503
responses from a backend never reach an untrusted zone (e.g. Felix runs as a
backend server and a LB decides to not take the backend into account upon 503
responses; having the execution result in the response is not harmful then but
useful for analysis purposes).