You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@livy.apache.org by "Gyorgy Gal (Jira)" <ji...@apache.org> on 2023/05/09 07:40:00 UTC

[jira] [Resolved] (LIVY-974) Remove verbose output on Livy UI error pages

     [ https://issues.apache.org/jira/browse/LIVY-974?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gyorgy Gal resolved LIVY-974.
-----------------------------
    Resolution: Fixed

> Remove verbose output on Livy UI error pages
> --------------------------------------------
>
>                 Key: LIVY-974
>                 URL: https://issues.apache.org/jira/browse/LIVY-974
>             Project: Livy
>          Issue Type: Improvement
>          Components: Server
>            Reporter: Asif Khatri
>            Assignee: Asif Khatri
>            Priority: Major
>             Fix For: 0.8.0
>
>         Attachments: image.png
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> On error, the Livy UI shows verbose output on error pages including the Jetty version number. This could be considered as a security vulnerability. We can make it configurable and avoid sending server version details.
> The Jetty version is there in every response header as well:
> {noformat}
> $ curl -v $LIVY_URL/sessions
> ...
> < Server: Jetty(9.4.43.v20210629){noformat}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)