Robert Metzger created FLINK-36889:
--------------------------------------

Summary: Mention locking down a Flink cluster in the 'Production Readiness Checklist'
Key: FLINK-36889
URL: https://issues.apache.org/jira/browse/FLINK-36889
Project: Flink
Issue Type: Improvement
Components: Documentation
Reporter: Robert Metzger

The Flink PMC often receives vulnerability reports about arbitrary code execution vulnerabilities in Flink. We therefore added an entry into the security FAQ page:
https://flink.apache.org/what-is-flink/security/#during-a-security-analysis-of-flink-i-noticed-that-flink-allows-for-remote-code-execution-is-this-an-issue

Still, people seem to run into this issue. To raise awareness for the issue, we should also add a note to the 'Production Readiness Checklist' to make sure that Flink clusters should only be accessible to trusted users, and not the whole company intranet or even the public internet.