You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@felix.apache.org by "Carsten Ziegeler (JIRA)" <ji...@apache.org> on 2016/01/07 09:00:53 UTC
[jira] [Resolved] (FELIX-4983) To prevent server information
disclosure on error page, jetty 9.3.2 should be used
[ https://issues.apache.org/jira/browse/FELIX-4983?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Carsten Ziegeler resolved FELIX-4983.
-------------------------------------
Resolution: Fixed
Updated to jetty 9.3
> To prevent server information disclosure on error page, jetty 9.3.2 should be used
> ----------------------------------------------------------------------------------
>
> Key: FELIX-4983
> URL: https://issues.apache.org/jira/browse/FELIX-4983
> Project: Felix
> Issue Type: Bug
> Components: HTTP Service
> Affects Versions: http.jetty-3.0.2
> Reporter: Adrien PAILHES
> Assignee: Carsten Ziegeler
> Fix For: http.jetty-3.2.0
>
>
> According to this commit:
> https://github.com/eclipse/jetty.project/commit/6428718962b26ece54736da897ac9755eda265e2
> jetty information is no more used in ErrorHandler (aka Jetty.POWERED_BY_HTML is removed).
> So, for security purpose(information disclosure threat), it would be usefull to use jetty 9.3.2.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)