[docs][chore] warning for using localhost in security-best-practices (#9444)

**Description:** <Describe what has changed.>
warning and alert for using localhost which might go under DNS
resolution and end up with an unexpected IP, risking security.

**Link to tracking Issue:** #9338 

**Documentation:** Added Warning and risk alert in
https://github.com/open-telemetry/opentelemetry-collector/blob/main/docs/security-best-practices.md

---------

Co-authored-by: Pablo Baeyens <pbaeyens31+github@gmail.com>
Sanket-0510 and mx-psi committed Mar 6, 2024
1 parent fc08135 commit 2832cd5
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion docs/security-best-practices.md
@@ -150,6 +150,9 @@ For more information, see [CWE-1327](https://cwe.mitre.org/data/definitions/1327

To change the default endpoint to be `localhost`-bound in all components, enable the `component.UseLocalHostAsDefaultHost` feature gate. This feature gate will be enabled by default in the Collector in a future release.


If `localhost` resolves to a different IP due to your DNS settings then explicitly use the loopback IP instead: `127.0.0.1` for IPv4 or `::1` for IPv6. In IPv6 setups, ensure your system supports both IPv4 and IPv6 loopback addresses to avoid issues.

## Processors

Processors sit between receivers and exporters. They are responsible for
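Review bot: the added paragraph in this hunk is preceded by two consecutive blank lines (the existing one plus the added one), which breaks the single-blank-line spacing used elsewhere in this section; drop one of them. The sentence "In IPv6 setups, ensure your system supports both IPv4 and IPv6 loopback addresses to avoid issues." is vague about what actually goes wrong; say concretely what the reader should expect (for example, that binding to `::1` fails when the host has no usable IPv6 loopback, and that a component bound only to `127.0.0.1` will not accept connections over `::1`), so they can pick the right literal address. It would also read better as a short "Warning:" or note paragraph, matching how the commit message describes it, so that it stands out from the surrounding feature-gate explanation.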
@@ -218,4 +221,4 @@ Extensions may also be used to run subprocesses. This can be useful when
collection mechanisms that cannot natively be run by the Collector (e.g.
FluentBit). Subprocesses expose a completely separate attack vector that would
depend on the subprocess itself. In general, care should be taken before
running any subprocesses alongside the Collector.
running any subprocesses alongside the Collector.
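Review bot: this hunk removes and re-adds the line `running any subprocesses alongside the Collector.` with identical text, so the only change is whitespace, most likely the trailing newline at end of file (the commit summary counts it as the one deletion). Confirm that this is intentional rather than an editor side effect; if it is intentional, a one-line mention in the commit description would save future readers from wondering why a docs-only warning touched the end of the file.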
