Posted to dev@zeppelin.apache.org by krishna-pandey <gi...@git.apache.org> on 2017/04/27 10:53:40 UTC

[GitHub] zeppelin pull request #2293: [ZEPPELIN-2461] Masking Jetty Server version wi...

GitHub user krishna-pandey opened a pull request:

    https://github.com/apache/zeppelin/pull/2293

    [ZEPPELIN-2461] Masking Jetty Server version with User-configurable parameter

    ### What is this PR for?
    Security-conscious organisations do not want to reveal the Application Server name and version to prevent Script-kiddies from finding the information easily when fingerprinting the Application. The exact version number can tell an Attacker if the current Application Server is patched for or vulnerable to certain publicly known CVEs associated with it.
    
    ### What type of PR is it?
    [Improvement | Feature]
    
    ### What is the Jira issue?
    * [ZEPPELIN-2461](https://issues.apache.org/jira/browse/ZEPPELIN-2461)
    
    ### How should this be tested?
    Providing a value in zeppelin-site.xml will replace the actual Jetty server version found in the HTTP header with the provided value. E.g.
     - edit zeppelin-site.xml and add a property `zeppelin.server.jetty.name` with a value, say `TOMCAT`
     - restart the server
     - open the app in a browser, then observe the Response Headers for the key "Server"; this should now reflect "TOMCAT"
    
    ### Screenshots (if appropriate)
    
    ### Questions:
    * Do the license files need an update? N/A
    * Are there breaking changes for older versions? N/A
    * Does this need documentation? N/A


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/krishna-pandey/zeppelin ZEPPELIN-2461

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/zeppelin/pull/2293.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2293
    
----
commit cf65c89d7fc61af5a7d045546b0b9175acc61af6
Author: krishna-pandey <kr...@gmail.com>
Date:   2017-04-27T10:44:33Z

    Set App Server name to config value

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
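
Added example (not part of the original thread or of the Zeppelin code base): a Python check for the test steps in the PR description above. It reads the configured `zeppelin.server.jetty.name` value and inspects a response's Server header for it; the XML fragment, the response heads and the version string are constructed samples, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET
from email.parser import Parser

# Constructed zeppelin-site.xml fragment; only the property name comes from the PR.
SITE_XML = """<configuration>
  <property>
    <name>zeppelin.server.jetty.name</name>
    <value>TOMCAT</value>
  </property>
</configuration>"""

# Constructed response heads (not captured from a real server).
UNMASKED = ("HTTP/1.1 200 OK\r\nDate: Thu, 27 Apr 2017 10:53:40 GMT\r\n"
            "Server: Jetty(9.2.15.v20160210)\r\nContent-Type: text/html\r\n\r\n")
MASKED = "HTTP/1.1 200 OK\r\nserver: TOMCAT\r\nContent-Type: text/html\r\n\r\n"

VERSION_RE = re.compile(r"\d+\.\d+")  # any dotted version number


def configured_name(site_xml, key="zeppelin.server.jetty.name"):
    """Return the value configured for `key`, or None if the property is absent."""
    for prop in ET.fromstring(site_xml).iter("property"):
        if (prop.findtext("name") or "").strip() == key:
            return (prop.findtext("value") or "").strip()
    return None


def check_server_header(raw_response, expected):
    """Return a list of findings; an empty list means the banner is masked as configured."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    _status, _, header_block = head.partition("\n")
    # Header names are case-insensitive; get_all also catches duplicate Server headers.
    values = Parser().parsestr(header_block, headersonly=True).get_all("Server") or []
    findings = []
    if not values and expected is not None:
        findings.append("no Server header present")
    for value in values:
        if VERSION_RE.search(value):
            findings.append(f"version disclosed: {value}")
        if "jetty" in value.lower():
            findings.append(f"product name disclosed: {value}")
        if expected is not None and value.strip() != expected:
            findings.append(f"expected {expected!r}, got {value!r}")
    return findings


if __name__ == "__main__":
    name = configured_name(SITE_XML)
    for label, raw in (("unmasked", UNMASKED), ("masked", MASKED)):
        print(label, check_server_header(raw, name) or "OK")
```
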

[GitHub] zeppelin issue #2293: [ZEPPELIN-2461] Masking Jetty Server version with User...

Posted by Leemoonsoo <gi...@git.apache.org>.
Github user Leemoonsoo commented on the issue:

    https://github.com/apache/zeppelin/pull/2293
  
    LGTM



[GitHub] zeppelin pull request #2293: [ZEPPELIN-2461] Masking Jetty Server version wi...

Posted by krishna-pandey <gi...@git.apache.org>.
Github user krishna-pandey closed the pull request at:

    https://github.com/apache/zeppelin/pull/2293



[GitHub] zeppelin issue #2293: [ZEPPELIN-2461] Masking Jetty Server version with User...

Posted by prabhjyotsingh <gi...@git.apache.org>.
Github user prabhjyotsingh commented on the issue:

    https://github.com/apache/zeppelin/pull/2293
  
    LGTM!



[GitHub] zeppelin issue #2293: [ZEPPELIN-2461] Masking Jetty Server version with User...

Posted by jongyoul <gi...@git.apache.org>.
Github user jongyoul commented on the issue:

    https://github.com/apache/zeppelin/pull/2293
  
    LGTM



[GitHub] zeppelin issue #2293: [ZEPPELIN-2461] Masking Jetty Server version with User...

Posted by krishna-pandey <gi...@git.apache.org>.
Github user krishna-pandey commented on the issue:

    https://github.com/apache/zeppelin/pull/2293
  
    @prabhjyotsingh Jenkins job is successful.
    @Leemoonsoo, @felixcheung, @jongyoul Can you help review this?



[GitHub] zeppelin issue #2293: [ZEPPELIN-2461] Masking Jetty Server version with User...

Posted by prabhjyotsingh <gi...@git.apache.org>.
Github user prabhjyotsingh commented on the issue:

    https://github.com/apache/zeppelin/pull/2293
  
    @krishna-pandey  can you set up travis, https://zeppelin.apache.org/contribution/contributions.html#continuous-integration? 



[GitHub] zeppelin pull request #2293: [ZEPPELIN-2461] Masking Jetty Server version wi...

Posted by krishna-pandey <gi...@git.apache.org>.
GitHub user krishna-pandey reopened a pull request:

    https://github.com/apache/zeppelin/pull/2293

    [ZEPPELIN-2461] Masking Jetty Server version with User-configurable parameter

----
commit b071f7ad05ae36a7734bb0906b6f6e61cb688647
Author: krishna-pandey <kr...@gmail.com>
Date:   2017-04-27T10:44:33Z

    Set App Server name to config value

----



[GitHub] zeppelin issue #2293: [ZEPPELIN-2461] Masking Jetty Server version with User...

Posted by prabhjyotsingh <gi...@git.apache.org>.
Github user prabhjyotsingh commented on the issue:

    https://github.com/apache/zeppelin/pull/2293
  
    Will merge this to master if no more discussion.



[GitHub] zeppelin pull request #2293: [ZEPPELIN-2461] Masking Jetty Server version wi...

Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:

    https://github.com/apache/zeppelin/pull/2293

