Ian Tyndall created ZEPPELIN-2014:
-------------------------------------

             Summary: Jetty Directory Listing on app, assets, components, and scripts
                 Key: ZEPPELIN-2014
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-2014
             Project: Zeppelin
          Issue Type: Bug
          Components: Core
    Affects Versions: 0.6.2
         Environment: RHEL
            Reporter: Ian Tyndall


Security Issue, would not pass my institution's security scanners.
The Web directory list is made publicly accessible for folders by default.
As a bandaid, I've added code in the daemon shell script to put index html 
files with a meta refresh in the affected directories.

It would be nice if this could be configured on the fly with other jetty config 
with this:
https://www.eclipse.org/jetty/documentation/9.3.x/override-web-xml.html

But, a nice hard coded fix would be great in the meantime!



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
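
An override descriptor of the kind the linked Jetty documentation describes, as an added example that is not from the reporter or the Zeppelin project. It assumes the file is registered as the web application's override descriptor; how Zeppelin would expose that setting is not stated in this report.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- override-web.xml: Jetty applies this after the webapp's own web.xml -->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                             http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">

  <!--
    Jetty's DefaultServlet checks the context parameter
    org.eclipse.jetty.servlet.Default.<name> before its own init-params.
    The webdefault.xml shipped with Jetty 9 sets dirAllowed to true,
    which is what produces the listings on directories that have no
    welcome file. Setting it to false here turns listings off for the
    whole context, so app, assets, components and scripts are all covered.
  -->
  <context-param>
    <param-name>org.eclipse.jetty.servlet.Default.dirAllowed</param-name>
    <param-value>false</param-value>
  </context-param>

</web-app>
```

With listings disabled, a request for a directory that has no welcome file gets a 403 response instead of an index page, which makes the index.html placeholder files unnecessary.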
