Hi all,

There was recently a private report to the Flink PMC, as well as publicly
[1] about Flink's ability to execute arbitrary code. In scenarios where
Flink is accessible by somebody unauthorized, this can lead to issues.
The PMC received a similar report in November 2018.

I believe it would be good to warn our users a bit more prominently about
the risks of accidentally opening up Flink to the public internet, or other
unauthorized entities.

I have collected the following potential solutions discussed so far:

a) Add a check-security.sh script, or a check in the frontend, to see whether
the JobManager can be reached from the public internet
b) Add a prominent warning to the download page
c) Add an opt-out warning to the Flink logs / UI that can be disabled via
the config.
d) Bind the REST endpoint to localhost only, by default


I'm curious to hear if others have other ideas on what to do.
I personally would like to kick things off with b).


Best,
Robert


[1] https://twitter.com/pyn3rd/status/1197397475897692160

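A minimal version of the check sketched in option (a), added here as an example and not code from the thread or from the Flink project: it reads a flink-conf.yaml and reports whether rest.bind-address keeps the JobManager REST endpoint on loopback, and assumes (as option (d) implies) that an unset value does not.

```shell
#!/bin/sh
# Added example, not Flink tooling: report whether the REST endpoint in a
# flink-conf.yaml is limited to loopback. Assumption: an unset
# rest.bind-address is NOT loopback-only (option (d) in the thread implies
# the default is not localhost).

# flink_conf_get FILE KEY: print the last value of KEY ("key: value" lines,
# '#' comments stripped); print nothing if KEY is absent.
flink_conf_get() {
  awk -v k="$2" '
    { sub(/#.*/, "") }                        # drop comments
    index($0, k ":") == 1 {                   # line starts with "KEY:"
      v = substr($0, length(k) + 2)
      gsub(/^[ \t]+|[ \t]+$/, "", v)          # trim whitespace
      last = v
    }
    END { if (last != "") print last }' "$1"
}

# is_loopback ADDR: succeed only for addresses no remote host can reach.
is_loopback() {
  case "$1" in
    localhost|127.*|::1) return 0 ;;
    *) return 1 ;;
  esac
}

# check_rest_bind FILE: return 0 if the REST endpoint is loopback-only, 1 if not.
check_rest_bind() {
  addr=$(flink_conf_get "$1" rest.bind-address)
  if [ -z "$addr" ]; then
    echo "WARN: rest.bind-address not set; REST endpoint is not limited to loopback"
    return 1
  elif is_loopback "$addr"; then
    echo "OK: rest.bind-address=$addr (loopback only)"
    return 0
  fi
  echo "WARN: rest.bind-address=$addr; any host that can route to it can submit jobs"
  return 1
}

# With no argument, demonstrate on two constructed configs; else check FILE.
if [ $# -eq 0 ]; then
  tmp=$(mktemp -d)
  printf 'rest.port: 8081\nrest.bind-address: 0.0.0.0\n' > "$tmp/exposed.yaml"
  printf 'rest.port: 8081\nrest.bind-address: localhost  # local only\n' > "$tmp/local.yaml"
  check_rest_bind "$tmp/exposed.yaml" || :
  check_rest_bind "$tmp/local.yaml" || :
  rm -rf "$tmp"
else
  check_rest_bind "$1" || :
fi
```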