Posted to dev@qpid.apache.org by "Daniil Kirilyuk (Jira)" <ji...@apache.org> on 2023/02/01 06:20:00 UTC

[jira] [Created] (QPID-8620) [Broker-J] HTTP management plugin can reveal system data or debug information

Daniil Kirilyuk created QPID-8620:
-------------------------------------

             Summary: [Broker-J] HTTP management plugin can reveal system data or debug information
                 Key: QPID-8620
                 URL: https://issues.apache.org/jira/browse/QPID-8620
             Project: Qpid
          Issue Type: Improvement
          Components: Broker-J
    Affects Versions: qpid-java-broker-9.0.0
            Reporter: Daniil Kirilyuk
             Fix For: qpid-java-broker-9.0.1


The function writeObjectToResponse() in AbstractServlet.java reveals system data or debug information by calling writeValue(). AbstractServlet, RestServlet and QueryServlet return error details on exceptions. The error details should be logged instead, and a generic error message should be returned in the HttpServletResponse.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
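
The remediation described in the issue (log the details, return a generic message), sketched as an added example; this is not Broker-J code and not from the reporter. The class and method names, the JSON field names and the errorId correlation value are assumptions made for illustration; a servlet would write the returned string to the HttpServletResponse.

```java
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

// Added illustration; all names here are hypothetical, not taken from Broker-J.
public class ErrorResponseExample {
    private static final Logger LOGGER =
            Logger.getLogger(ErrorResponseExample.class.getName());

    // Leaky pattern: exception class, message and stack trace reach the client,
    // exposing internal paths, class names and library versions.
    static String leakyBody(Exception e) {
        StringWriter sw = new StringWriter();
        e.printStackTrace(new PrintWriter(sw, true));
        return "{\"errorMessage\":\"" + escape(sw.toString()) + "\"}";
    }

    // Hardened pattern: full details go only to the server log, tagged with a
    // random id (an assumption of this example); the client gets a fixed message
    // plus that id so an operator can find the matching log entry.
    static String genericBody(Exception e) {
        String errorId = UUID.randomUUID().toString();
        LOGGER.log(Level.SEVERE, "Request failed, errorId=" + errorId, e);
        return "{\"errorMessage\":\"Internal error\",\"errorId\":\"" + errorId + "\"}";
    }

    // Minimal JSON string escaping, sufficient for the demo output.
    static String escape(String s) {
        return s.replace("\\", "\\\\").replace("\"", "\\\"")
                .replace("\n", "\\n").replace("\r", "\\r").replace("\t", "\\t");
    }

    public static void main(String[] args) {
        // Constructed failure carrying an internal path, standing in for a real error.
        Exception e = new IllegalStateException(
                "Cannot open /var/lib/example/store.db (constructed)");
        System.out.println("leaky:   " + leakyBody(e));
        System.out.println("generic: " + genericBody(e));
    }
}
```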
