[
https://issues.apache.org/jira/browse/MAPREDUCE-3804?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13201730#comment-13201730
]
Hudson commented on MAPREDUCE-3804:
-----------------------------------
Integrated in Hadoop-Common-trunk-Commit #1673 (See
[https://builds.apache.org/job/Hadoop-Common-trunk-Commit/1673/])
MAPREDUCE-3804. yarn webapp interface vulnerable to cross scripting attacks
(Dave Thompson via bobby)
bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1241225
Files :
* /hadoop/common/trunk/hadoop-mapreduce-project/CHANGES.txt
*
/hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java
*
/hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/hamlet/HamletImpl.java
> yarn webapp interface vulnerable to cross scripting attacks
> -----------------------------------------------------------
>
> Key: MAPREDUCE-3804
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3804
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: jobhistoryserver, mrv2, resourcemanager
> Affects Versions: 0.23.0
> Reporter: Dave Thompson
> Assignee: Dave Thompson
> Fix For: 0.23.1
>
> Attachments: MAPREDUCE-3804.patch, MAPREDUCE-3804.patch,
> MAPREDUCE_3804_br_0.23.0.patch
>
>
> Yarn webapp interface may be vulnerable to certain cross scripting attacks,
> injected through URL request.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
