[jira] [Commented] (YARN-1993) Cross-site scripting vulnerability in TextView.java
[ https://issues.apache.org/jira/browse/YARN-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14525797#comment-14525797 ] Hudson commented on YARN-1993: -- FAILURE: Integrated in Hadoop-Yarn-trunk #916 (See [https://builds.apache.org/job/Hadoop-Yarn-trunk/916/]) YARN-1993. Cross-site scripting vulnerability in TextView.java. Contributed byKenji Kikushima. (ozawa: rev e8d0ee5fc9af612d7abc9ab2c201434e7102d092) * hadoop-yarn-project/CHANGES.txt * hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java Cross-site scripting vulnerability in TextView.java --- Key: YARN-1993 URL: https://issues.apache.org/jira/browse/YARN-1993 Project: Hadoop YARN Issue Type: Bug Components: webapp Reporter: Ted Yu Assignee: Kenji Kikushima Fix For: 2.8.0 Attachments: YARN-1993.patch In hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java , method echo() e.g. : {code} for (Object s : args) { out.print(s); } {code} Printing s to an HTML page allows cross-site scripting, because it was not properly sanitized for context HTML attribute name. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (YARN-1993) Cross-site scripting vulnerability in TextView.java
[ https://issues.apache.org/jira/browse/YARN-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14526073#comment-14526073 ] Hudson commented on YARN-1993: -- SUCCESS: Integrated in Hadoop-Mapreduce-trunk #2132 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk/2132/]) YARN-1993. Cross-site scripting vulnerability in TextView.java. Contributed byKenji Kikushima. (ozawa: rev e8d0ee5fc9af612d7abc9ab2c201434e7102d092) * hadoop-yarn-project/CHANGES.txt * hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java Cross-site scripting vulnerability in TextView.java --- Key: YARN-1993 URL: https://issues.apache.org/jira/browse/YARN-1993 Project: Hadoop YARN Issue Type: Bug Components: webapp Reporter: Ted Yu Assignee: Kenji Kikushima Fix For: 2.8.0 Attachments: YARN-1993.patch In hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java , method echo() e.g. : {code} for (Object s : args) { out.print(s); } {code} Printing s to an HTML page allows cross-site scripting, because it was not properly sanitized for context HTML attribute name. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (YARN-1993) Cross-site scripting vulnerability in TextView.java
[ https://issues.apache.org/jira/browse/YARN-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14526080#comment-14526080 ] Hudson commented on YARN-1993: -- SUCCESS: Integrated in Hadoop-Hdfs-trunk-Java8 #173 (See [https://builds.apache.org/job/Hadoop-Hdfs-trunk-Java8/173/]) YARN-1993. Cross-site scripting vulnerability in TextView.java. Contributed byKenji Kikushima. (ozawa: rev e8d0ee5fc9af612d7abc9ab2c201434e7102d092) * hadoop-yarn-project/CHANGES.txt * hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java Cross-site scripting vulnerability in TextView.java --- Key: YARN-1993 URL: https://issues.apache.org/jira/browse/YARN-1993 Project: Hadoop YARN Issue Type: Bug Components: webapp Reporter: Ted Yu Assignee: Kenji Kikushima Fix For: 2.8.0 Attachments: YARN-1993.patch In hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java , method echo() e.g. : {code} for (Object s : args) { out.print(s); } {code} Printing s to an HTML page allows cross-site scripting, because it was not properly sanitized for context HTML attribute name. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (YARN-1993) Cross-site scripting vulnerability in TextView.java
[ https://issues.apache.org/jira/browse/YARN-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14526067#comment-14526067 ] Hudson commented on YARN-1993: -- SUCCESS: Integrated in Hadoop-Hdfs-trunk #2114 (See [https://builds.apache.org/job/Hadoop-Hdfs-trunk/2114/]) YARN-1993. Cross-site scripting vulnerability in TextView.java. Contributed byKenji Kikushima. (ozawa: rev e8d0ee5fc9af612d7abc9ab2c201434e7102d092) * hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java * hadoop-yarn-project/CHANGES.txt Cross-site scripting vulnerability in TextView.java --- Key: YARN-1993 URL: https://issues.apache.org/jira/browse/YARN-1993 Project: Hadoop YARN Issue Type: Bug Components: webapp Reporter: Ted Yu Assignee: Kenji Kikushima Fix For: 2.8.0 Attachments: YARN-1993.patch In hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java , method echo() e.g. : {code} for (Object s : args) { out.print(s); } {code} Printing s to an HTML page allows cross-site scripting, because it was not properly sanitized for context HTML attribute name. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (YARN-1993) Cross-site scripting vulnerability in TextView.java
[ https://issues.apache.org/jira/browse/YARN-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14526063#comment-14526063 ] Hudson commented on YARN-1993: -- FAILURE: Integrated in Hadoop-Mapreduce-trunk-Java8 #183 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Java8/183/]) YARN-1993. Cross-site scripting vulnerability in TextView.java. Contributed byKenji Kikushima. (ozawa: rev e8d0ee5fc9af612d7abc9ab2c201434e7102d092) * hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java * hadoop-yarn-project/CHANGES.txt Cross-site scripting vulnerability in TextView.java --- Key: YARN-1993 URL: https://issues.apache.org/jira/browse/YARN-1993 Project: Hadoop YARN Issue Type: Bug Components: webapp Reporter: Ted Yu Assignee: Kenji Kikushima Fix For: 2.8.0 Attachments: YARN-1993.patch In hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java , method echo() e.g. : {code} for (Object s : args) { out.print(s); } {code} Printing s to an HTML page allows cross-site scripting, because it was not properly sanitized for context HTML attribute name. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (YARN-1993) Cross-site scripting vulnerability in TextView.java
[ https://issues.apache.org/jira/browse/YARN-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14525776#comment-14525776 ] Hudson commented on YARN-1993: -- FAILURE: Integrated in Hadoop-trunk-Commit #7718 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/7718/]) YARN-1993. Cross-site scripting vulnerability in TextView.java. Contributed byKenji Kikushima. (ozawa: rev e8d0ee5fc9af612d7abc9ab2c201434e7102d092) * hadoop-yarn-project/CHANGES.txt * hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java Cross-site scripting vulnerability in TextView.java --- Key: YARN-1993 URL: https://issues.apache.org/jira/browse/YARN-1993 Project: Hadoop YARN Issue Type: Bug Components: webapp Reporter: Ted Yu Assignee: Kenji Kikushima Fix For: 2.8.0 Attachments: YARN-1993.patch In hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java , method echo() e.g. : {code} for (Object s : args) { out.print(s); } {code} Printing s to an HTML page allows cross-site scripting, because it was not properly sanitized for context HTML attribute name. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (YARN-1993) Cross-site scripting vulnerability in TextView.java
[ https://issues.apache.org/jira/browse/YARN-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14525817#comment-14525817 ] Hudson commented on YARN-1993: -- FAILURE: Integrated in Hadoop-Yarn-trunk-Java8 #182 (See [https://builds.apache.org/job/Hadoop-Yarn-trunk-Java8/182/]) YARN-1993. Cross-site scripting vulnerability in TextView.java. Contributed byKenji Kikushima. (ozawa: rev e8d0ee5fc9af612d7abc9ab2c201434e7102d092) * hadoop-yarn-project/CHANGES.txt * hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java Cross-site scripting vulnerability in TextView.java --- Key: YARN-1993 URL: https://issues.apache.org/jira/browse/YARN-1993 Project: Hadoop YARN Issue Type: Bug Components: webapp Reporter: Ted Yu Assignee: Kenji Kikushima Fix For: 2.8.0 Attachments: YARN-1993.patch In hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java , method echo() e.g. : {code} for (Object s : args) { out.print(s); } {code} Printing s to an HTML page allows cross-site scripting, because it was not properly sanitized for context HTML attribute name. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (YARN-1993) Cross-site scripting vulnerability in TextView.java
[ https://issues.apache.org/jira/browse/YARN-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14525526#comment-14525526 ] Hadoop QA commented on YARN-1993: - \\ \\ | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | pre-patch | 15m 13s | Pre-patch trunk compilation is healthy. | | {color:green}+1{color} | @author | 0m 0s | The patch does not contain any @author tags. | | {color:red}-1{color} | tests included | 0m 0s | The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. | | {color:red}-1{color} | javac | 7m 47s | The applied patch generated 173 additional warning messages. | | {color:red}-1{color} | javadoc | 10m 4s | The applied patch generated 14 additional warning messages. | | {color:green}+1{color} | release audit | 0m 23s | The applied patch does not increase the total number of release audit warnings. | | {color:green}+1{color} | checkstyle | 0m 53s | There were no new checkstyle issues. | | {color:green}+1{color} | whitespace | 0m 0s | The patch has no lines that end in whitespace. | | {color:green}+1{color} | install | 1m 32s | mvn install still works. | | {color:green}+1{color} | eclipse:eclipse | 0m 33s | The patch built with eclipse:eclipse. | | {color:green}+1{color} | findbugs | 1m 24s | The patch does not introduce any new Findbugs (version 2.0.3) warnings. | | {color:green}+1{color} | yarn tests | 1m 58s | Tests passed in hadoop-yarn-common. | | | | 39m 51s | | \\ \\ || Subsystem || Report/Notes || | Patch URL | http://issues.apache.org/jira/secure/attachment/12644792/YARN-1993.patch | | Optional Tests | javadoc javac unit findbugs checkstyle | | git revision | trunk / 6ae2a0d | | javac | https://builds.apache.org/job/PreCommit-YARN-Build/7663/artifact/patchprocess/diffJavacWarnings.txt | | javadoc | https://builds.apache.org/job/PreCommit-YARN-Build/7663/artifact/patchprocess/diffJavadocWarnings.txt | | hadoop-yarn-common test log | https://builds.apache.org/job/PreCommit-YARN-Build/7663/artifact/patchprocess/testrun_hadoop-yarn-common.txt | | Test Results | https://builds.apache.org/job/PreCommit-YARN-Build/7663/testReport/ | | Java | 1.7.0_55 | | uname | Linux asf903.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux | | Console output | https://builds.apache.org/job/PreCommit-YARN-Build/7663/console | This message was automatically generated. Cross-site scripting vulnerability in TextView.java --- Key: YARN-1993 URL: https://issues.apache.org/jira/browse/YARN-1993 Project: Hadoop YARN Issue Type: Bug Components: webapp Reporter: Ted Yu Attachments: YARN-1993.patch In hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java , method echo() e.g. : {code} for (Object s : args) { out.print(s); } {code} Printing s to an HTML page allows cross-site scripting, because it was not properly sanitized for context HTML attribute name. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (YARN-1993) Cross-site scripting vulnerability in TextView.java
[ https://issues.apache.org/jira/browse/YARN-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14525542#comment-14525542 ] Tsuyoshi Ozawa commented on YARN-1993: -- +1, committing this shortly. Cross-site scripting vulnerability in TextView.java --- Key: YARN-1993 URL: https://issues.apache.org/jira/browse/YARN-1993 Project: Hadoop YARN Issue Type: Bug Components: webapp Reporter: Ted Yu Assignee: Kenji Kikushima Attachments: YARN-1993.patch In hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java , method echo() e.g. : {code} for (Object s : args) { out.print(s); } {code} Printing s to an HTML page allows cross-site scripting, because it was not properly sanitized for context HTML attribute name. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (YARN-1993) Cross-site scripting vulnerability in TextView.java
[ https://issues.apache.org/jira/browse/YARN-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14525592#comment-14525592 ] Tsuyoshi Ozawa commented on YARN-1993: -- Warnings by javac and javadoc are not related to the patch. Cross-site scripting vulnerability in TextView.java --- Key: YARN-1993 URL: https://issues.apache.org/jira/browse/YARN-1993 Project: Hadoop YARN Issue Type: Bug Components: webapp Reporter: Ted Yu Assignee: Kenji Kikushima Attachments: YARN-1993.patch In hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java , method echo() e.g. : {code} for (Object s : args) { out.print(s); } {code} Printing s to an HTML page allows cross-site scripting, because it was not properly sanitized for context HTML attribute name. -- This message was sent by Atlassian JIRA (v6.3.4#6332)