You are viewing a plain text version of this content. The canonical link for it is here.
Posted to yarn-issues@hadoop.apache.org by "Jonathan Maron (JIRA)" <ji...@apache.org> on 2016/05/12 14:02:12 UTC
[jira] [Created] (YARN-5076) YARN web interfaces lack XFS
protection
Jonathan Maron created YARN-5076:
------------------------------------
Summary: YARN web interfaces lack XFS protection
Key: YARN-5076
URL: https://issues.apache.org/jira/browse/YARN-5076
Project: Hadoop YARN
Issue Type: Bug
Components: nodemanager, resourcemanager, timelineserver
Reporter: Jonathan Maron
Assignee: Jonathan Maron
There are web interfaces in YARN that do not provide protection against cross frame scripting (https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet). HADOOP-13008 provides a common filter for addressing this vulnerability, so this filter should be integrated into the YARN web interfaces.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org