[
https://issues.apache.org/jira/browse/YARN-5076?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15291572#comment-15291572
]
Jonathan Maron commented on YARN-5076:
--------------------------------------
Does a package-info.java file need to exist for
org.apache.hadoop.yarn.server.resourcemanager.webapp? I don't see one at the
moment.
{noformat}
HW10386:hadoop jmaron$ find . -name package-info.java | grep resource
./hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/recovery/package-info.java
{noformat}
> YARN web interfaces lack XFS protection
> ---------------------------------------
>
> Key: YARN-5076
> URL: https://issues.apache.org/jira/browse/YARN-5076
> Project: Hadoop YARN
> Issue Type: Bug
> Components: nodemanager, resourcemanager, timelineserver
> Reporter: Jonathan Maron
> Assignee: Jonathan Maron
> Attachments: YARN-5076.002.patch, YARN-5076.003.patch,
> YARN-5076.004.patch
>
> Original Estimate: 48h
> Remaining Estimate: 48h
>
> There are web interfaces in YARN that do not provide protection against cross
> frame scripting
> (https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet).
> HADOOP-13008 provides a common filter for addressing this vulnerability, so
> this filter should be integrated into the YARN web interfaces.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
