You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Daniil Kirilyuk (Jira)" <ji...@apache.org> on 2023/02/01 06:20:00 UTC
[jira] [Created] (QPID-8620) [Broker-J] HTTP management plugin can reveal system data or debug information
Daniil Kirilyuk created QPID-8620:
-------------------------------------
Summary: [Broker-J] HTTP management plugin can reveal system data or debug information
Key: QPID-8620
URL: https://issues.apache.org/jira/browse/QPID-8620
Project: Qpid
Issue Type: Improvement
Components: Broker-J
Affects Versions: qpid-java-broker-9.0.0
Reporter: Daniil Kirilyuk
Fix For: qpid-java-broker-9.0.1
The function writeObjectToResponse() in AbstractServlet.java reveals system data or debug information by calling writeValue(). AbstractServlet, RestServlet and QueryServlet return error details on exceptions. The error details should be logged instead and a generic error message should be return in the HttpServletResponse.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org