[
https://issues.apache.org/jira/browse/HDFS-10774?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15426608#comment-15426608
]
Will Harmon commented on HDFS-10774:
Jason,
Thanks very much for your reply. I emailed them on August 8th and they haven't
replied. Since you confirmed they are the group to contact, I'll keep bugging
them.
Take care,
Will
On Thu, Aug 18, 2016 at 10:00 AM -0400, "Jason Lowe (JIRA)"
> wrote:
[
https://issues.apache.org/jira/browse/HDFS-10774?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15426512#comment-15426512
]
Jason Lowe commented on HDFS-10774:
---
Security issues can be mailed to secur...@hadoop.apache.org. See
http://hadoop.apache.org/mailing_lists.html#Security for details and pointers
to other mailing lists.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
> Reflective XSS and HTML injection vulnerability
> ---
>
> Key: HDFS-10774
> URL: https://issues.apache.org/jira/browse/HDFS-10774
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: security
>Affects Versions: 2.0.0-alpha
>Reporter: Will Harmon
> Labels: security
>
> I’m assessing my customer's Apache Hadoop 2.0.0-CDH4.7.0 installation, and I
> came across an XSS and HTML injection vulnerability. Although my customer
> instance is 2.0.0, newer versions are also likely vulnerable. I’d like to
> provide more details about my finding but first want to ensure I’m
> communicating with the correct group. Please let me know if you would like to
> know more and how I can securely share my findings.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org