You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@livy.apache.org by "Gyorgy Gal (Jira)" <ji...@apache.org> on 2023/05/09 07:40:00 UTC
[jira] [Resolved] (LIVY-974) Remove verbose output on Livy UI error pages
[ https://issues.apache.org/jira/browse/LIVY-974?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gyorgy Gal resolved LIVY-974.
-----------------------------
Resolution: Fixed
> Remove verbose output on Livy UI error pages
> --------------------------------------------
>
> Key: LIVY-974
> URL: https://issues.apache.org/jira/browse/LIVY-974
> Project: Livy
> Issue Type: Improvement
> Components: Server
> Reporter: Asif Khatri
> Assignee: Asif Khatri
> Priority: Major
> Fix For: 0.8.0
>
> Attachments: image.png
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> On error, the Livy UI shows verbose output on error pages including the Jetty version number. This could be considered as a security vulnerability. We can make it configurable and avoid sending server version details.
> The Jetty version is there in every response header as well:
> {noformat}
> $ curl -v $LIVY_URL/sessions
> ...
> < Server: Jetty(9.4.43.v20210629){noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)