Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-73283

Stack trace should be hidden from REST responses

XMLWordPrintable

    • 19
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Certain URLs may return a XML response containing a stack trace. In JRASERVER-38101, we allowed admins to hide/show the stack trace in the 500 error webpage, but XML responses were not in the scope of the fix.

      Steps to reproduce

      Open the following URL in a web browser:

      • http://<<jira_node>>/rest/api/1.0/menus/home_link

      or using curl:

      curl http://<<jira_node>>/rest/api/1.0/menus/home_link

      Observed behaviour

      A stack trace is displayed

      Desired behaviour

      The stack trace should be hidden

        1. stack_screen.png
          stack_screen.png
          530 kB

            [JRASERVER-73283] Stack trace should be hidden from REST responses

            Kaviraj Kyatam added a comment -

            Hi,

            Any updates on this.
            Please take this on priority.

            Kaviraj Kyatam added a comment - Hi, Any updates on this. Please take this on priority.

            Markus added a comment -

            Hi,

            is there any update?
            Some internal security scans are rating this kind of behavior as vulnerability.

            Best regards,
            Markus

            Markus added a comment - Hi, is there any update? Some internal security scans are rating this kind of behavior as vulnerability. Best regards, Markus

            Sushma Shetty added a comment -

            Hi any update

            Sushma Shetty added a comment - Hi any update

            Kaviraj Kyatam added a comment -

            Please push this forward to the upcoming Jira version

            Kaviraj Kyatam added a comment - Please push this forward to the upcoming Jira version

            Marlin Babu Varughese added a comment -

            +1

            Marlin Babu Varughese added a comment - +1

            Kaviraj Kyatam added a comment -

            Hi Team,

            This is highly escalated at our side and need immediate fix for this issue on highest priority.
            It was long pending issue related to this bug ticket: https://jira.atlassian.com/browse/JRASERVER-38101 , where it was already fixed, but it was not when we checked on the upgraded version of JIRA.

            Please do consider this in the next upcoming JIRA version.

            Best Regards,

            Kaviraj Kyatam added a comment - Hi Team, This is highly escalated at our side and need immediate fix for this issue on highest priority. It was long pending issue related to this bug ticket: https://jira.atlassian.com/browse/JRASERVER-38101 , where it was already fixed, but it was not when we checked on the upgraded version of JIRA. Please do consider this in the next upcoming JIRA version. Best Regards,

            Kaviraj Kyatam added a comment -

            Any update on this?

            Kaviraj Kyatam added a comment - Any update on this?

            Mohamed Amine Mahmoud added a comment -

            Hello , Is there any update on this ?

            Mohamed Amine Mahmoud added a comment - Hello , Is there any update on this ?

              Unassigned Unassigned
              astegani Alex Stegani
              Votes:
              40 Vote for this issue
              Watchers:
              44 Start watching this issue

                Created:
                Updated: