[ https://issues.apache.org/jira/browse/HADOOP-6441?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Devaraj Das updated HADOOP-6441: -------------------------------- Release Note: Quotes the characters coming out of getRequestUrl and getServerName in HttpServer.java as per the specification in HADOOP-6151. > Prevent remote CSS attacks in Hostname and UTF-7. > ------------------------------------------------- > > Key: HADOOP-6441 > URL: https://issues.apache.org/jira/browse/HADOOP-6441 > Project: Hadoop Common > Issue Type: Bug > Components: security > Reporter: Owen O'Malley > Assignee: Owen O'Malley > Fix For: 0.21.0 > > Attachments: h-6441.20.patch, h-6441.patch > > > There are currently vulnerabilities for CSS in Hadoop's Web UI that allow CSS > attacks. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.