[ https://issues.apache.org/jira/browse/MESOS-5708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15369473#comment-15369473 ]
Adam B commented on MESOS-5708: ------------------------------- commit 49db3424bb6ad906596449668735dafbe744626f Author: Abhishek Dasgupta <a10gu...@linux.vnet.ibm.com> Date: Sun Jul 10 00:56:42 2016 -0700 Added text for authorization in endpoint docs for '/files/debug'. Review: https://reviews.apache.org/r/49794/ > Add authz to /files/debug > ------------------------- > > Key: MESOS-5708 > URL: https://issues.apache.org/jira/browse/MESOS-5708 > Project: Mesos > Issue Type: Task > Components: security > Reporter: Adam B > Assignee: Abhishek Dasgupta > Priority: Minor > Labels: mesosphere, security > Fix For: 1.0.0 > > > The /files/debug endpoint exposes the attached master/agent log paths and > every attached sandbox path, which includes the frameworkId and executorId. > Even if sandboxes are protected, we still don't want to expose this > information to unauthorized users. -- This message was sent by Atlassian JIRA (v6.3.4#6332)