spark-instrumented-optimizer

History

NICHOLAS T. MARION b512233a45 [SPARK-20393][WEBU UI] Strengthen Spark to prevent XSS vulnerabilities ## What changes were proposed in this pull request? Add stripXSS and stripXSSMap to Spark Core's UIUtils. Calling these functions at any point that getParameter is called against a HttpServletRequest. ## How was this patch tested? Unit tests, IBM Security AppScan Standard no longer showing vulnerabilities, manual verification of WebUI pages. Author: NICHOLAS T. MARION <nmarion@us.ibm.com> Closes #17686 from n-marion/xss-fix.	2017-05-10 10:59:57 +01:00
..
mesos	[SPARK-20393][WEBU UI] Strengthen Spark to prevent XSS vulnerabilities	2017-05-10 10:59:57 +01:00
yarn	[SPARK-20605][CORE][YARN][MESOS] Deprecate not used AM and executor port configuration	2017-05-08 14:27:56 -07:00

NICHOLAS T. MARION b512233a45 [SPARK-20393][WEBU UI] Strengthen Spark to prevent XSS vulnerabilities

## What changes were proposed in this pull request?

Add stripXSS and stripXSSMap to Spark Core's UIUtils. Calling these functions at any point that getParameter is called against a HttpServletRequest.

## How was this patch tested?

Unit tests, IBM Security AppScan Standard no longer showing vulnerabilities, manual verification of WebUI pages.

Author: NICHOLAS T. MARION <nmarion@us.ibm.com>

Closes #17686 from n-marion/xss-fix.

2017-05-10 10:59:57 +01:00

mesos

[SPARK-20393][WEBU UI] Strengthen Spark to prevent XSS vulnerabilities

2017-05-10 10:59:57 +01:00

yarn

[SPARK-20605][CORE][YARN][MESOS] Deprecate not used AM and executor port configuration

2017-05-08 14:27:56 -07:00