[ https://issues.apache.org/jira/browse/FELIX-6133?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Georg Henzler resolved FELIX-6133.
----------------------------------
Resolution: Fixed
Fixed in [r1859841|http://svn.apache.org/r1859841]
> HC ServiceUnavailableFilter should not include execution result by default
> --------------------------------------------------------------------------
>
> Key: FELIX-6133
> URL: https://issues.apache.org/jira/browse/FELIX-6133
> Project: Felix
> Issue Type: Improvement
> Components: Health Checks
> Affects Versions: healthcheck.core 2.0.6
> Reporter: Georg Henzler
> Assignee: Georg Henzler
> Priority: Major
> Fix For: healthcheck.core 2.0.8
>
>
> Currently the execution result is included by default in 503 responses. To
> follow the principle "Security by default" and not give away any
> information to a potential attacker, the default should be false.
> NOTE: For many cases a value includeExecutionResult=true is fine because 503
> responses from a backend never reach an untrusted zone (e.g. Felix runs as a
> backend server and a LB decides to not take the backend into account upon 503
> responses; having the execution result in the response is not harmful then
> but useful for analysis purposes).