What's new in Cloudera Runtime 7.1.9 SP1 CHF 8

What's new in Streams Replication Manager

Enhanced security with HTTP headers and HSTS enforcement

Streams Replication Manager now includes various security headers in all API endpoint responses. These headers are added to improve overall security. Additionally, if SSL is enabled, HTTP Strict Transport Security (HSTS) is enforced as well to ensure that communication occurs over HTTPS.

The following headers are now included in API responses:

• Strict-Transport-Security: max-age=31536000; includeSubDomains - Enforces HTTPS communication for all requests, including subdomains, for a duration of one year. This header is only added when SSL is enabled.

• X-Frame-Options: SAMEORIGIN - Prevents clickjacking attacks by disallowing the page from being embedded in elements on other domains.

• X-XSS-Protection: 1; mode=block - Enables the XSS filter of the browser and blocks the page if an attack is detected.

• Content-Type: application/json - Ensures proper MIME type handling for responses.

• Cache-Control - Controls caching behavior.

  • Configured for API endpoints as no-store.
  • Configured for Swagger UI endpoints as max-age=7200.

• X-Content-Type-Options: nosniff - Prevents MIME type sniffing.

• Content-Security-Policy - Implements strict policies to control the sources of content that can be loaded.

  • Configured for API endpoints as default-src 'none';.
  • Configured for Swagger UI endpoints as default-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data:; style-src-attr 'self' 'unsafe-hashes'; style-src 'self' unsafe-inline'.