[
https://issues.apache.org/jira/browse/NIFI-5374?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16532124#comment-16532124
]
ASF GitHub Bot commented on NIFI-5374:
--------------------------------------
Github user alopresto commented on the issue:
https://github.com/apache/nifi/pull/2840
Thanks @thenatog. I reviewed this and it looks good. While initially I
tried to run integration tests for the entire project, there is a failing
integration test
`StandardControllerServiceProviderIT.testConcurrencyWithEnablingReferencingServicesGraph:96->testEnableReferencingServicesGraph`
which I opened a ticket for
[NIFI-5375](https://issues.apache.org/jira/browse/NIFI-5375). Building normally
and then running integration tests on just this module is successful. I made
some minor fixes for code style (see [commit
8792f90](https://github.com/alopresto/nifi/commit/12503047009bac80da4858b8fc99da35a8792f90)
on branch NIFI-5374-PR-2840).
I verified against a running instance as well, and will merge this PR.
> Suppress stacktrace being returned to remote client when using NiFi REST API
> ----------------------------------------------------------------------------
>
> Key: NIFI-5374
> URL: https://issues.apache.org/jira/browse/NIFI-5374
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework
> Affects Versions: 1.7.0
> Reporter: Nathan Gough
> Assignee: Nathan Gough
> Priority: Minor
> Labels: filter, stacktrace, suppress
> Attachments: image001.png
>
>
> When a remote user attempts to use an endpoint with a malicious string, Jetty
> will return a full stacktrace of the error. This provides the remote user
> with excess information that can be used when attempting to manipulate a
> system.
> !image001.png!
> This stacktrace should be logged only to the nifi-app.log and the stacktrace
> suppressed before returning a 500 error to the user.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
