You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@livy.apache.org by "Asif Khatri (Jira)" <ji...@apache.org> on 2023/05/02 09:29:00 UTC

[jira] [Created] (LIVY-974) Remove verbose output on Livy UI error pages

Asif Khatri created LIVY-974:
--------------------------------

             Summary: Remove verbose output on Livy UI error pages
                 Key: LIVY-974
                 URL: https://issues.apache.org/jira/browse/LIVY-974
             Project: Livy
          Issue Type: Improvement
          Components: Server
            Reporter: Asif Khatri
             Fix For: 0.8.0
         Attachments: image.png

On error, the Livy UI shows verbose output on error pages including the Jetty version number. This could be considered as a security vulnerability. We can make it configurable and avoid sending server version details.

The Jetty version is there in every response header as well:
{noformat}
$ curl -v $LIVY_URL/sessions
...
< Server: Jetty(9.4.43.v20210629){noformat}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)