[
https://issues.apache.org/jira/browse/AMBARI-25390?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16944517#comment-16944517
]
Hudson commented on AMBARI-25390:
---------------------------------
FAILURE: Integrated in Jenkins build Ambari-branch-2.7 #582 (See
[https://builds.apache.org/job/Ambari-branch-2.7/582/])
AMBARI-25390. Disable indexing in /resources endpoint and (aonishuk:
[https://gitbox.apache.org/repos/asf?p=ambari.git&a=commit&h=a00a76dd33343d54f8e2f9e504f5cea80e48c0d1])
* (edit)
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
* (delete) ambari-server/src/main/resources/index.html
> Ambari is indexing all subdirectories contents under /resources folder via
> API.
> -------------------------------------------------------------------------------
>
> Key: AMBARI-25390
> URL: https://issues.apache.org/jira/browse/AMBARI-25390
> Project: Ambari
> Issue Type: Bug
> Affects Versions: trunk, 2.7.4
> Reporter: Andrew Onischuk
> Assignee: Andrew Onischuk
> Priority: Critical
> Labels: pull-request-available
> Fix For: 2.7.4
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> GET /resources gives back the directory content of
> /var/lib/ambari-server/resources. The directory doesn't contain any sensitive
> information, only files which are already visible on github. But it might
> freak out security guys therefore it's best to disable the listing.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
