[
https://issues.apache.org/jira/browse/HIVE-22533?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16981832#comment-16981832
]
Hive QA commented on HIVE-22533:
--------------------------------
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12986669/HIVE-22533.0.patch
{color:red}ERROR:{color} -1 due to build exiting with an error
Test results:
https://builds.apache.org/job/PreCommit-HIVE-Build/19600/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/19600/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-19600/
Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Tests exited with: Exception: Patch URL
https://issues.apache.org/jira/secure/attachment/12986669/HIVE-22533.0.patch
was found in seen patch url's cache and a test was probably run already on it.
Aborting...
{noformat}
This message is automatically generated.
ATTACHMENT ID: 12986669 - PreCommit-HIVE-Build
> Fix possible LLAP daemon web UI vulnerabilities
> -----------------------------------------------
>
> Key: HIVE-22533
> URL: https://issues.apache.org/jira/browse/HIVE-22533
> Project: Hive
> Issue Type: Improvement
> Components: llap
> Reporter: Ádám Szita
> Assignee: Ádám Szita
> Priority: Major
> Attachments: HIVE-22533.0.patch
>
>
> Security tools that look for possible vulnerabilities find issues with LLAP
> daemon web UI:
> * *dir listing* for _images,css,js_ folders
> * *missing X-Frame-Options response header* in the response
> Similarly we should disable dir listing on HS2 web UI /static page too, as it
> is of no use anyway.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
