
ZOOKEEPER-3731: Disallow HTTP TRACE method on PrometheusMetrics Server

Open doxsch opened this issue 4 years ago • 2 comments

This is a copy of https://github.com/apache/zookeeper/pull/1349/files (ZOOKEEPER-3772) but for the PrometheusMetrics Server.

Added the test requested in https://github.com/apache/zookeeper/pull/1539

doxsch avatar Apr 12 '21 13:04 doxsch

Hi @hanm and @eolivelli, can you take a look at this PR? The metrics endpoint is hit on a Nessus scan because it allows the TRACE method. This has been fixed in this PR.

doxsch avatar Jun 14 '21 11:06 doxsch

Hi @hanm and @eolivelli

Are there any further concerns about this PR? Or could this be merged?

doxsch avatar Mar 04 '22 12:03 doxsch

Hi @hanm @eolivelli any news about this PR?

We are having issues with our vulnerability scans about this... I see this PR has been open for some time now; is there anything left to be merged?

Thanks

goncalocribeiro avatar Mar 08 '23 12:03 goncalocribeiro
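A way to confirm the scanner finding discussed in this thread, and to re-check after a fix is deployed, is to send a single TRACE request to the metrics endpoint and look at the status. This is an added example, not code from the PR or from ZooKeeper; `probe_trace`, the `/metrics` default path, the probe header and the two loopback handlers (constructed stand-ins for a permissive and a restricted server, with 403 chosen as the refusal status) are assumptions made for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

MARKER = "constructed-probe-value"  # constructed header value, looked for in the echo

def probe_trace(host, port, path="/metrics", timeout=5.0):
    """Send one TRACE request; return (status, accepted, echoed)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("TRACE", path, headers={"X-Probe": MARKER})
        resp = conn.getresponse()
        body = resp.read()
    finally:
        conn.close()
    accepted = 200 <= resp.status < 300
    # "echoed" means the server reflected our request headers back in the body
    return resp.status, accepted, accepted and MARKER.encode() in body

class _Quiet(BaseHTTPRequestHandler):
    def log_message(self, *args):  # suppress per-request logging
        pass

class EchoingTrace(_Quiet):  # constructed stand-in: endpoint that allows TRACE
    def do_TRACE(self):
        body = (self.requestline + "\r\n" + str(self.headers)).encode()
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

class RejectingTrace(_Quiet):  # constructed stand-in: endpoint that refuses TRACE
    def do_TRACE(self):
        self.send_error(403)

def run_against(handler):
    """Start a throwaway loopback server with the handler and probe it."""
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return probe_trace("127.0.0.1", server.server_address[1])
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    for h in (EchoingTrace, RejectingTrace):
        print(h.__name__, run_against(h))
```

To check a real deployment, call `probe_trace` with the host and port of your own metrics endpoint; an `accepted` value of `True` is the condition the scanner reports.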