Daniil Kirilyuk created QPID-8620:
-------------------------------------
Summary: [Broker-J] HTTP management plugin can reveal system data
or debug information
Key: QPID-8620
URL: https://issues.apache.org/jira/browse/QPID-8620
Project: Qpid
Issue Type: Improvement
Components: Broker-J
Affects Versions: qpid-java-broker-9.0.0
Reporter: Daniil Kirilyuk
Fix For: qpid-java-broker-9.0.1
The function writeObjectToResponse() in AbstractServlet.java reveals system
data or debug information by calling writeValue(). AbstractServlet, RestServlet
and QueryServlet return error details on exceptions. The error details should
be logged instead and a generic error message should be returned in the
HttpServletResponse.
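
The remediation described in the issue, as an added example that is not Broker-J code and is not taken from the fix: the same failing operation is handled once with the exception text copied into the response body and once with the details logged and a generic message returned. All names are hypothetical, `Response` is a JDK-only stand-in for what a servlet would write to the HttpServletResponse, and the `errorId` correlation value and the failure message are assumptions constructed for the example.

```java
import java.util.UUID;
import java.util.concurrent.Callable;
import java.util.logging.Level;
import java.util.logging.Logger;

// Added example: hypothetical names, JDK only, not Broker-J code.
public class GenericErrorResponse {
    private static final Logger LOGGER = Logger.getLogger(GenericErrorResponse.class.getName());

    // Minimal stand-in for the status and body written to an HttpServletResponse.
    static final class Response {
        final int status;
        final String body;
        Response(int status, String body) { this.status = status; this.body = body; }
    }

    // Before: the exception text goes straight into the response body.
    static Response leaky(Callable<String> operation) {
        try {
            return new Response(200, operation.call());
        } catch (Exception e) {
            return new Response(500, "{\"errorMessage\":\"" + e + "\"}");
        }
    }

    // After: details go to the log under a correlation id; the client sees a fixed message.
    static Response hardened(Callable<String> operation) {
        try {
            return new Response(200, operation.call());
        } catch (Exception e) {
            String errorId = UUID.randomUUID().toString();
            LOGGER.log(Level.SEVERE, "Management request failed, errorId=" + errorId, e);
            return new Response(500,
                "{\"errorMessage\":\"Internal server error\",\"errorId\":\"" + errorId + "\"}");
        }
    }

    public static void main(String[] args) {
        // Constructed failure whose message carries an internal path (sample value).
        Callable<String> failing = () -> {
            throw new IllegalStateException("Cannot open /var/qpid/work/config.json");
        };
        System.out.println("leaky:    " + leaky(failing).body);
        System.out.println("hardened: " + hardened(failing).body);
    }
}
```

The correlation id lets an operator find the full stack trace in the broker log from a client report without the response carrying any exception class, message or path.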