[jira] [Commented] (YARN-1993) Cross-site scripting vulnerability in TextView.java

2015-05-03 Thread Hudson (JIRA) 

[ 
https://issues.apache.org/jira/browse/YARN-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14525797#comment-14525797
 ] 

Hudson commented on YARN-1993:
--

FAILURE: Integrated in Hadoop-Yarn-trunk #916 (See 
[https://builds.apache.org/job/Hadoop-Yarn-trunk/916/])
YARN-1993. Cross-site scripting vulnerability in TextView.java. Contributed 
byKenji Kikushima. (ozawa: rev e8d0ee5fc9af612d7abc9ab2c201434e7102d092)
* hadoop-yarn-project/CHANGES.txt
* 
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java


 Cross-site scripting vulnerability in TextView.java
 ---

 Key: YARN-1993
 URL: https://issues.apache.org/jira/browse/YARN-1993
 Project: Hadoop YARN
  Issue Type: Bug
  Components: webapp
Reporter: Ted Yu
Assignee: Kenji Kikushima
 Fix For: 2.8.0

 Attachments: YARN-1993.patch


 In 
 hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java
  , method echo() e.g. :
 {code}
 for (Object s : args) {
   out.print(s);
 }
 {code}
 Printing s to an HTML page allows cross-site scripting, because it was not 
 properly sanitized for context HTML attribute name.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (YARN-1993) Cross-site scripting vulnerability in TextView.java

2015-05-03 Thread Hudson (JIRA) 

[ 
https://issues.apache.org/jira/browse/YARN-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14526073#comment-14526073
 ] 

Hudson commented on YARN-1993:
--

SUCCESS: Integrated in Hadoop-Mapreduce-trunk #2132 (See 
[https://builds.apache.org/job/Hadoop-Mapreduce-trunk/2132/])
YARN-1993. Cross-site scripting vulnerability in TextView.java. Contributed 
byKenji Kikushima. (ozawa: rev e8d0ee5fc9af612d7abc9ab2c201434e7102d092)
* hadoop-yarn-project/CHANGES.txt
* 
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java


 Cross-site scripting vulnerability in TextView.java
 ---

 Key: YARN-1993
 URL: https://issues.apache.org/jira/browse/YARN-1993
 Project: Hadoop YARN
  Issue Type: Bug
  Components: webapp
Reporter: Ted Yu
Assignee: Kenji Kikushima
 Fix For: 2.8.0

 Attachments: YARN-1993.patch


 In 
 hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java
  , method echo() e.g. :
 {code}
 for (Object s : args) {
   out.print(s);
 }
 {code}
 Printing s to an HTML page allows cross-site scripting, because it was not 
 properly sanitized for context HTML attribute name.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (YARN-1993) Cross-site scripting vulnerability in TextView.java

2015-05-03 Thread Hudson (JIRA) 

[ 
https://issues.apache.org/jira/browse/YARN-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14526080#comment-14526080
 ] 

Hudson commented on YARN-1993:
--

SUCCESS: Integrated in Hadoop-Hdfs-trunk-Java8 #173 (See 
[https://builds.apache.org/job/Hadoop-Hdfs-trunk-Java8/173/])
YARN-1993. Cross-site scripting vulnerability in TextView.java. Contributed 
byKenji Kikushima. (ozawa: rev e8d0ee5fc9af612d7abc9ab2c201434e7102d092)
* hadoop-yarn-project/CHANGES.txt
* 
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java


 Cross-site scripting vulnerability in TextView.java
 ---

 Key: YARN-1993
 URL: https://issues.apache.org/jira/browse/YARN-1993
 Project: Hadoop YARN
  Issue Type: Bug
  Components: webapp
Reporter: Ted Yu
Assignee: Kenji Kikushima
 Fix For: 2.8.0

 Attachments: YARN-1993.patch


 In 
 hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java
  , method echo() e.g. :
 {code}
 for (Object s : args) {
   out.print(s);
 }
 {code}
 Printing s to an HTML page allows cross-site scripting, because it was not 
 properly sanitized for context HTML attribute name.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (YARN-1993) Cross-site scripting vulnerability in TextView.java

2015-05-03 Thread Hudson (JIRA) 

[ 
https://issues.apache.org/jira/browse/YARN-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14526067#comment-14526067
 ] 

Hudson commented on YARN-1993:
--

SUCCESS: Integrated in Hadoop-Hdfs-trunk #2114 (See 
[https://builds.apache.org/job/Hadoop-Hdfs-trunk/2114/])
YARN-1993. Cross-site scripting vulnerability in TextView.java. Contributed 
byKenji Kikushima. (ozawa: rev e8d0ee5fc9af612d7abc9ab2c201434e7102d092)
* 
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java
* hadoop-yarn-project/CHANGES.txt


 Cross-site scripting vulnerability in TextView.java
 ---

 Key: YARN-1993
 URL: https://issues.apache.org/jira/browse/YARN-1993
 Project: Hadoop YARN
  Issue Type: Bug
  Components: webapp
Reporter: Ted Yu
Assignee: Kenji Kikushima
 Fix For: 2.8.0

 Attachments: YARN-1993.patch


 In 
 hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java
  , method echo() e.g. :
 {code}
 for (Object s : args) {
   out.print(s);
 }
 {code}
 Printing s to an HTML page allows cross-site scripting, because it was not 
 properly sanitized for context HTML attribute name.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (YARN-1993) Cross-site scripting vulnerability in TextView.java

2015-05-03 Thread Hudson (JIRA) 

[ 
https://issues.apache.org/jira/browse/YARN-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14526063#comment-14526063
 ] 

Hudson commented on YARN-1993:
--

FAILURE: Integrated in Hadoop-Mapreduce-trunk-Java8 #183 (See 
[https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Java8/183/])
YARN-1993. Cross-site scripting vulnerability in TextView.java. Contributed 
byKenji Kikushima. (ozawa: rev e8d0ee5fc9af612d7abc9ab2c201434e7102d092)
* 
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java
* hadoop-yarn-project/CHANGES.txt


 Cross-site scripting vulnerability in TextView.java
 ---

 Key: YARN-1993
 URL: https://issues.apache.org/jira/browse/YARN-1993
 Project: Hadoop YARN
  Issue Type: Bug
  Components: webapp
Reporter: Ted Yu
Assignee: Kenji Kikushima
 Fix For: 2.8.0

 Attachments: YARN-1993.patch


 In 
 hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java
  , method echo() e.g. :
 {code}
 for (Object s : args) {
   out.print(s);
 }
 {code}
 Printing s to an HTML page allows cross-site scripting, because it was not 
 properly sanitized for context HTML attribute name.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (YARN-1993) Cross-site scripting vulnerability in TextView.java

2015-05-03 Thread Hudson (JIRA) 

[ 
https://issues.apache.org/jira/browse/YARN-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14525776#comment-14525776
 ] 

Hudson commented on YARN-1993:
--

FAILURE: Integrated in Hadoop-trunk-Commit #7718 (See 
[https://builds.apache.org/job/Hadoop-trunk-Commit/7718/])
YARN-1993. Cross-site scripting vulnerability in TextView.java. Contributed 
byKenji Kikushima. (ozawa: rev e8d0ee5fc9af612d7abc9ab2c201434e7102d092)
* hadoop-yarn-project/CHANGES.txt
* 
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java


 Cross-site scripting vulnerability in TextView.java
 ---

 Key: YARN-1993
 URL: https://issues.apache.org/jira/browse/YARN-1993
 Project: Hadoop YARN
  Issue Type: Bug
  Components: webapp
Reporter: Ted Yu
Assignee: Kenji Kikushima
 Fix For: 2.8.0

 Attachments: YARN-1993.patch


 In 
 hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java
  , method echo() e.g. :
 {code}
 for (Object s : args) {
   out.print(s);
 }
 {code}
 Printing s to an HTML page allows cross-site scripting, because it was not 
 properly sanitized for context HTML attribute name.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (YARN-1993) Cross-site scripting vulnerability in TextView.java

2015-05-03 Thread Hudson (JIRA) 

[ 
https://issues.apache.org/jira/browse/YARN-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14525817#comment-14525817
 ] 

Hudson commented on YARN-1993:
--

FAILURE: Integrated in Hadoop-Yarn-trunk-Java8 #182 (See 
[https://builds.apache.org/job/Hadoop-Yarn-trunk-Java8/182/])
YARN-1993. Cross-site scripting vulnerability in TextView.java. Contributed 
byKenji Kikushima. (ozawa: rev e8d0ee5fc9af612d7abc9ab2c201434e7102d092)
* hadoop-yarn-project/CHANGES.txt
* 
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java


 Cross-site scripting vulnerability in TextView.java
 ---

 Key: YARN-1993
 URL: https://issues.apache.org/jira/browse/YARN-1993
 Project: Hadoop YARN
  Issue Type: Bug
  Components: webapp
Reporter: Ted Yu
Assignee: Kenji Kikushima
 Fix For: 2.8.0

 Attachments: YARN-1993.patch


 In 
 hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java
  , method echo() e.g. :
 {code}
 for (Object s : args) {
   out.print(s);
 }
 {code}
 Printing s to an HTML page allows cross-site scripting, because it was not 
 properly sanitized for context HTML attribute name.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (YARN-1993) Cross-site scripting vulnerability in TextView.java

2015-05-02 Thread Hadoop QA (JIRA) 

[ 
https://issues.apache.org/jira/browse/YARN-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14525526#comment-14525526
 ] 

Hadoop QA commented on YARN-1993:
-

\\
\\
| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | pre-patch |  15m 13s | Pre-patch trunk compilation is 
healthy. |
| {color:green}+1{color} | @author |   0m  0s | The patch does not contain any 
@author tags. |
| {color:red}-1{color} | tests included |   0m  0s | The patch doesn't appear 
to include any new or modified tests.  Please justify why no new tests are 
needed for this patch. Also please list what manual steps were performed to 
verify this patch. |
| {color:red}-1{color} | javac |   7m 47s | The applied patch generated  173  
additional warning messages. |
| {color:red}-1{color} | javadoc |  10m  4s | The applied patch generated  14  
additional warning messages. |
| {color:green}+1{color} | release audit |   0m 23s | The applied patch does 
not increase the total number of release audit warnings. |
| {color:green}+1{color} | checkstyle |   0m 53s | There were no new checkstyle 
issues. |
| {color:green}+1{color} | whitespace |   0m  0s | The patch has no lines that 
end in whitespace. |
| {color:green}+1{color} | install |   1m 32s | mvn install still works. |
| {color:green}+1{color} | eclipse:eclipse |   0m 33s | The patch built with 
eclipse:eclipse. |
| {color:green}+1{color} | findbugs |   1m 24s | The patch does not introduce 
any new Findbugs (version 2.0.3) warnings. |
| {color:green}+1{color} | yarn tests |   1m 58s | Tests passed in 
hadoop-yarn-common. |
| | |  39m 51s | |
\\
\\
|| Subsystem || Report/Notes ||
| Patch URL | 
http://issues.apache.org/jira/secure/attachment/12644792/YARN-1993.patch |
| Optional Tests | javadoc javac unit findbugs checkstyle |
| git revision | trunk / 6ae2a0d |
| javac | 
https://builds.apache.org/job/PreCommit-YARN-Build/7663/artifact/patchprocess/diffJavacWarnings.txt
 |
| javadoc | 
https://builds.apache.org/job/PreCommit-YARN-Build/7663/artifact/patchprocess/diffJavadocWarnings.txt
 |
| hadoop-yarn-common test log | 
https://builds.apache.org/job/PreCommit-YARN-Build/7663/artifact/patchprocess/testrun_hadoop-yarn-common.txt
 |
| Test Results | 
https://builds.apache.org/job/PreCommit-YARN-Build/7663/testReport/ |
| Java | 1.7.0_55 |
| uname | Linux asf903.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP 
PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux |
| Console output | 
https://builds.apache.org/job/PreCommit-YARN-Build/7663/console |


This message was automatically generated.

 Cross-site scripting vulnerability in TextView.java
 ---

 Key: YARN-1993
 URL: https://issues.apache.org/jira/browse/YARN-1993
 Project: Hadoop YARN
  Issue Type: Bug
  Components: webapp
Reporter: Ted Yu
 Attachments: YARN-1993.patch


 In 
 hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java
  , method echo() e.g. :
 {code}
 for (Object s : args) {
   out.print(s);
 }
 {code}
 Printing s to an HTML page allows cross-site scripting, because it was not 
 properly sanitized for context HTML attribute name.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (YARN-1993) Cross-site scripting vulnerability in TextView.java

2015-05-02 Thread Tsuyoshi Ozawa (JIRA) 

[ 
https://issues.apache.org/jira/browse/YARN-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14525542#comment-14525542
 ] 

Tsuyoshi Ozawa commented on YARN-1993:
--

+1, committing this shortly.

 Cross-site scripting vulnerability in TextView.java
 ---

 Key: YARN-1993
 URL: https://issues.apache.org/jira/browse/YARN-1993
 Project: Hadoop YARN
  Issue Type: Bug
  Components: webapp
Reporter: Ted Yu
Assignee: Kenji Kikushima
 Attachments: YARN-1993.patch


 In 
 hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java
  , method echo() e.g. :
 {code}
 for (Object s : args) {
   out.print(s);
 }
 {code}
 Printing s to an HTML page allows cross-site scripting, because it was not 
 properly sanitized for context HTML attribute name.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (YARN-1993) Cross-site scripting vulnerability in TextView.java

2015-05-02 Thread Tsuyoshi Ozawa (JIRA) 

[ 
https://issues.apache.org/jira/browse/YARN-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14525592#comment-14525592
 ] 

Tsuyoshi Ozawa commented on YARN-1993:
--

Warnings by javac and javadoc are not related to the patch.

 Cross-site scripting vulnerability in TextView.java
 ---

 Key: YARN-1993
 URL: https://issues.apache.org/jira/browse/YARN-1993
 Project: Hadoop YARN
  Issue Type: Bug
  Components: webapp
Reporter: Ted Yu
Assignee: Kenji Kikushima
 Attachments: YARN-1993.patch


 In 
 hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java
  , method echo() e.g. :
 {code}
 for (Object s : args) {
   out.print(s);
 }
 {code}
 Printing s to an HTML page allows cross-site scripting, because it was not 
 properly sanitized for context HTML attribute name.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)