Skip to content
Permalink
Browse files Browse the repository at this point in the history
SECURITY: Disable MessageBus::Diagnostics.
MessageBus::Diagnostics allows anyone with access to carry out certain
operations that may result in a denial of service. The impact of this is
greater on multisiite clusters.
  • Loading branch information
tgxworld committed Dec 17, 2021
1 parent 30bc65a commit 7a8ec12
Showing 1 changed file with 0 additions and 1 deletion.
1 change: 0 additions & 1 deletion config/initializers/004-message_bus.rb
Expand Up @@ -120,7 +120,6 @@ def setup_message_bus_env(env)
MessageBus.long_polling_enabled = SiteSetting.enable_long_polling
MessageBus.long_polling_interval = SiteSetting.long_polling_interval
MessageBus.cache_assets = !Rails.env.development?
MessageBus.enable_diagnostics

if Rails.env == "test" || $0 =~ /rake$/
# disable keepalive in testing
Expand Down

0 comments on commit 7a8ec12

Please sign in to comment.