-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65053/#review195308
-----------------------------------------------------------

Ship it!

Ship It!

- Colm O hEigeartaigh

On Jan. 11, 2018, 12:26 a.m., Na Li wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65053/
> -----------------------------------------------------------
>
> (Updated Jan. 11, 2018, 12:26 a.m.)
>
>
> Review request for sentry, Brian Towles, kalyan kumar kalvagadda, and Sergio
> Pena.
>
>
> Repository: sentry
>
>
> Description
> -------
>
> HTTP parameter is directly written to Servlet error page. Echoing this
> untrusted input allows for reflected cross-site scripting. See
> http://en.wikipedia.org/wiki/Cross-site_scripting for more information.
>
>
> Diffs
> -----
>
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/LogLevelServlet.java
> fce41a8
>
>
> Diff: https://reviews.apache.org/r/65053/diff/1/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Na Li
>