Daniel Ay created SPARK-55201:
---------------------------------
Summary: Add option to disable insecure HTTP port when SSL is
enabled
Key: SPARK-55201
URL: https://issues.apache.org/jira/browse/SPARK-55201
Project: Spark
Issue Type: Task
Components: Spark Core, Web UI
Affects Versions: 4.2.0
Reporter: Daniel Ay
Currently, when SSL/TLS is enabled for Spark Web UIs (History Server, Master,
Worker), Spark still binds to an insecure HTTP port to provide redirection.
These open ports are flagged as a vulnerability by security scanners.
We should introduce a new configuration to allow Spark to skip binding the HTTP
port entirely when HTTPS is active.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
