[ https://issues.apache.org/jira/browse/FLINK-36889?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17905051#comment-17905051 ]
Robert Metzger commented on FLINK-36889:
----------------------------------------
Thanks, assigned.

> Mention locking down a Flink cluster in the 'Production Readiness Checklist'
> ----------------------------------------------------------------------------
>
> Key: FLINK-36889
> URL: https://issues.apache.org/jira/browse/FLINK-36889
> Project: Flink
> Issue Type: Improvement
> Components: Documentation
> Reporter: Robert Metzger
> Assignee: Samrat Deb
> Priority: Major
>
> The Flink PMC often receives vulnerability reports about arbitrary code
> execution vulnerabilities in Flink. We therefore added an entry into the
> security FAQ page:
> [https://flink.apache.org/what-is-flink/security/#during-a-security-analysis-of-flink-i-noticed-that-flink-allows-for-remote-code-execution-is-this-an-issue]
> Still, people seem to run into this issue. To raise awareness for the issue,
> we should also add a note to the 'Production Readiness Checklist' to make
> sure that Flink clusters should only be accessible to trusted users, and not
> the whole company intranet or even the public internet.