Nathan Gough created NIFI-5374:
----------------------------------
Summary: Suppress stacktrace being returned to remote client when
using NiFi REST API
Key: NIFI-5374
URL: https://issues.apache.org/jira/browse/NIFI-5374
Project: Apache NiFi
Issue Type: Improvement
Components: Core Framework
Affects Versions: 1.7.0
Reporter: Nathan Gough
Assignee: Nathan Gough
Attachments: image001.png
When a remote user attempts to use an endpoint with a malicious string, Jetty
will return a full stacktrace of the error. This provides the remote user with
excess information that can be used when attempting to manipulate a system.
!image001.png!
This stacktrace should be logged only to the nifi-app.log and the stacktrace
suppressed before returning a 500 error to the user.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
