Hi Fellow Spark users,
We are using Spark 2.3.0 and security team is reporting a violation that
Spark allows HTTP OPTIONS method to work(This method exposes what all
methods are supported by the end point which could be exploited by a
hacker).
This method is on Jetty web server, I see Spark uses J
Aah - actually found https://issues.apache.org/jira/browse/SPARK-18664 -
"Don't respond to HTTP OPTIONS in HTTP-based UIs"
Does anyone know if this can be prioritized?
Thanks
Ankit
On Tue, Apr 30, 2019 at 1:31 PM Ankit Jain wrote:
> Hi Fellow Spark users,
> We are using Spark 2.3.0 and securit
+ d...@spark.apache.org
On Tue, Apr 30, 2019 at 4:23 PM Ankit Jain wrote:
> Aah - actually found https://issues.apache.org/jira/browse/SPARK-18664 -
> "Don't respond to HTTP OPTIONS in HTTP-based UIs"
>
> Does anyone know if this can be prioritized?
>
> Thanks
> Ankit
>
> On Tue, Apr 30, 2019 at
://security.stackexchange.com/questions/21413/how-to-exploit-http-methods
From: Ankit Jain
Sent: Tuesday, April 30, 2019 7:25 PM
To: user@spark.apache.org; d...@spark.apache.org
Subject: Re: Turning off Jetty Http Options Method
+ d...@spark.apache.org <http://apache.org>
On Tu
Jain
> *Sent:* Tuesday, April 30, 2019 7:25 PM
> *To:* user@spark.apache.org; d...@spark.apache.org
> *Subject:* Re: Turning off Jetty Http Options Method
>
>
>
> + *dev*@*spark*.apache.org
>
>
>
> On Tue, Apr 30, 2019 at 4:23 PM Ankit Jain
> wrote:
>
> A