[ https://issues.apache.org/jira/browse/FLINK-36889?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Metzger resolved FLINK-36889.
------------------------------------
    Fix Version/s: 2.0.0
       Resolution: Fixed

Merged to master (2.0.0) in https://github.com/apache/flink/commit/473a3e8a7b36ab3c4c9422fdc7da5dae60451f13

> Mention locking down a Flink cluster in the 'Production Readiness Checklist'
> ----------------------------------------------------------------------------
>
>                 Key: FLINK-36889
>                 URL: https://issues.apache.org/jira/browse/FLINK-36889
>             Project: Flink
>          Issue Type: Improvement
>          Components: Documentation
>            Reporter: Robert Metzger
>            Assignee: Samrat Deb
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 2.0.0
>
>
> The Flink PMC often receives vulnerability reports about arbitrary code
> execution vulnerabilities in Flink. We therefore added an entry into the
> security FAQ page:
> [https://flink.apache.org/what-is-flink/security/#during-a-security-analysis-of-flink-i-noticed-that-flink-allows-for-remote-code-execution-is-this-an-issue]
> Still, people seem to run into this issue. To raise awareness for the issue,
> we should also add a note to the 'Production Readiness Checklist' to make
> sure that Flink clusters should only be accessible to trusted users, and not
> the whole company intranet or even the public internet.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)