----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/65053/ -----------------------------------------------------------
Review request for sentry, Brian Towles, kalyan kumar kalvagadda, and Sergio Pena. Repository: sentry Description ------- HTTP parameter is directly written to Servlet error page. Echoing this untrusted input allows for a reflected cross site scripting vulnerability. See http://en.wikipedia.org/wiki/Cross-site_scripting for more information. Diffs ----- sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/LogLevelServlet.java fce41a8 Diff: https://reviews.apache.org/r/65053/diff/1/ Testing ------- Thanks, Na Li
