Uploaded image for project: 'Zeppelin'
  1. Zeppelin
  2. ZEPPELIN-2014

Jetty Directory Listing on app, assets, components, and scripts

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 0.6.2
    • 0.7.3, 0.8.0
    • Core

    • RHEL

    • Important

    Description

      Security Issue, would not pass my institution's security scanners.
      The Web directory list is made publicly accessible folders by default.
      As a bandaid, I've added code in the daemon shell script to put index html files with a meta refresh in the affected directories.

      It would be nice if this could be configured on the fly with other jetty config with this:
      https://www.eclipse.org/jetty/documentation/9.3.x/override-web-xml.html

      But, a nice hard coded fix would be great in the meantime!

      Attachments

        Issue Links

          Blocked

          Task - A task that needs to be done. ZEPPELIN-2864 Release 0.7.3

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #1962

          Activity

            People

              vboginskii Viktor Boginskii
              IvanX Ian Tyndall
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: