[
https://issues.apache.org/jira/browse/AMBARI-25390?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16945721#comment-16945721
]
Hudson commented on AMBARI-25390:
---------------------------------
SUCCESS: Integrated in Jenkins build Ambari-branch-2.7 #583 (See
[https://builds.apache.org/job/Ambari-branch-2.7/583/])
AMBARI-25390. Disable indexing in /resources endpoint and (aonishuk:
[https://gitbox.apache.org/repos/asf?p=ambari.git&a=commit&h=461b5bafe8a0ea66081700cff0a1fe4a96109b48])
* (edit) ambari-server/src/main/assemblies/server.xml
> Ambari is indexing all subdirectories contents under /resources folder via
> API.
> -------------------------------------------------------------------------------
>
> Key: AMBARI-25390
> URL: https://issues.apache.org/jira/browse/AMBARI-25390
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: trunk, 2.7.4
> Reporter: Andrew Onischuk
> Assignee: Andrew Onischuk
> Priority: Critical
> Labels: pull-request-available
> Fix For: 2.7.4
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> GET /resources gives back the directory content of
> /var/lib/ambari-server/resources. The directory doesn't contain any sensitive
> information, only files which are already visible on github. But it might
> freak out security guys therefore it's best to disable the listing.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
