Daniil Kirilyuk created QPID-8620:
-------------------------------------

             Summary: [Broker-J] HTTP management plugin can reveal system data or debug information
                 Key: QPID-8620
                 URL: https://issues.apache.org/jira/browse/QPID-8620
             Project: Qpid
          Issue Type: Improvement
          Components: Broker-J
    Affects Versions: qpid-java-broker-9.0.0
            Reporter: Daniil Kirilyuk
             Fix For: qpid-java-broker-9.0.1


The function writeObjectToResponse() in AbstractServlet.java reveals system 
data or debug information by calling writeValue(). AbstractServlet, RestServlet 
and QueryServlet return error details on exceptions. The error details should 
be logged instead and a generic error message should be returned in the 
HttpServletResponse.



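The change the issue asks for, shown as an added example that is not Broker-J code and not from the reporter: the "before" handler copies exception detail into the response body, while the "after" handler logs it server-side and returns a generic message. The class, method names, the `Response` stand-in for `HttpServletResponse`, the sample exception and the `errorId` correlation value are all assumptions made for illustration (requires Java 16 or later for `record`).

```java
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

// Added illustration; all names here are hypothetical, not taken from Broker-J.
public class ErrorResponseDemo {
    private static final Logger LOGGER = Logger.getLogger(ErrorResponseDemo.class.getName());

    /** Minimal stand-in for the status and body a servlet writes to the response. */
    record Response(int status, String body) {}

    /** Before: exception class and message (and whatever they embed) reach the client. */
    static Response leakyError(Exception e) {
        return new Response(500, "{\"errorMessage\":\"" + escape(e.toString()) + "\"}");
    }

    /** After: details go to the server log only; the client gets a fixed message. */
    static Response genericError(Exception e) {
        // Assumption: a random id lets an operator match a client report to the log entry.
        String errorId = UUID.randomUUID().toString();
        LOGGER.log(Level.SEVERE, "Request failed, errorId=" + errorId, e);
        return new Response(500,
                "{\"errorMessage\":\"Internal server error\",\"errorId\":\"" + errorId + "\"}");
    }

    /** Escapes backslashes and double quotes so the text is safe inside a JSON string. */
    static String escape(String s) {
        return s.replace("\\", "\\\\").replace("\"", "\\\"");
    }

    public static void main(String[] args) {
        // Constructed exception carrying internal detail (path is a placeholder).
        Exception e = new IllegalStateException("Cannot open store at /example/path/store.json");

        Response before = leakyError(e);
        Response after = genericError(e);

        System.out.println("before: " + before.status() + " " + before.body());
        System.out.println("after:  " + after.status() + " " + after.body());

        // The generic body must not contain the exception type or its message.
        boolean leaked = after.body().contains("IllegalStateException")
                || after.body().contains("/example/path");
        System.out.println("detail leaked in generic response: " + leaked);
    }
}
```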