You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@livy.apache.org by "Asif Khatri (Jira)" <ji...@apache.org> on 2023/05/02 09:29:00 UTC
[jira] [Created] (LIVY-974) Remove verbose output on Livy UI error pages
Asif Khatri created LIVY-974:
--------------------------------
Summary: Remove verbose output on Livy UI error pages
Key: LIVY-974
URL: https://issues.apache.org/jira/browse/LIVY-974
Project: Livy
Issue Type: Improvement
Components: Server
Reporter: Asif Khatri
Fix For: 0.8.0
Attachments: image.png
On error, the Livy UI shows verbose output on error pages including the Jetty version number. This could be considered as a security vulnerability. We can make it configurable and avoid sending server version details.
The Jetty version is there in every response header as well:
{noformat}
$ curl -v $LIVY_URL/sessions
...
< Server: Jetty(9.4.43.v20210629){noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)