You are viewing a plain text version of this content. The canonical link for it is here.

Posted to yarn-issues@hadoop.apache.org by "Jonathan Maron (JIRA)" <ji...@apache.org> on 2016/05/12 14:02:12 UTC

[jira] [Created] (YARN-5076) YARN web interfaces lack XFS protection

Jonathan Maron created YARN-5076:
------------------------------------

             Summary: YARN web interfaces lack XFS protection
                 Key: YARN-5076
                 URL: https://issues.apache.org/jira/browse/YARN-5076
             Project: Hadoop YARN
          Issue Type: Bug
          Components: nodemanager, resourcemanager, timelineserver
            Reporter: Jonathan Maron
            Assignee: Jonathan Maron


There are web interfaces in YARN that do not provide protection against cross frame scripting (https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet).  HADOOP-13008 provides a common filter for addressing this vulnerability, so this filter should be integrated into the YARN web interfaces.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org