Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide additional documentation (details) on security implications when actuator endpoints are enabled #1125

Closed
olegz opened this issue Jun 24, 2022 · 2 comments · Fixed by #1231
Closed

Provide additional documentation (details) on security implications when actuator endpoints are enabled #1125

olegz opened this issue Jun 24, 2022 · 2 comments · Fixed by #1231
Labels
documentation
Milestone
4.0.3

Comments

@olegz
Copy link

olegz commented Jun 24, 2022

Review and provide additional details on security implications of exposed actuator endpoint that gives access to Environment variables
@olegz olegz changed the title Provide additional documentation (details) in security implications when actuator endpoints that are enabled Provide additional documentation (details) on security implications when actuator endpoints that are enabled Jun 24, 2022
@olegz olegz changed the title Provide additional documentation (details) on security implications when actuator endpoints that are enabled Provide additional documentation (details) on security implications when actuator endpoints are enabled Jun 24, 2022
@omernaci
Copy link
Contributor

omernaci commented May 4, 2023

Hi @olegz, I would happy to contribute to the updating of the document.

I have prepared the following paragraph for the relevant part. if it is convenient, I can create a PR.

NOTE: While enabling the POST method for /actuator/env endpoint can provide flexibility and convenience in managing your application environment variables, it's critical to ensure that the endpoint is secured and monitored to prevent potential security risks. Add a spring-boot-starter-security dependency to configure access control for the actuator’s endpoint.

@ryanjbaxter
Copy link
Contributor

A PR would be great!

@omernaci omernaci mentioned this issue May 4, 2023
Merged
@ryanjbaxter ryanjbaxter added this to the 4.0.3 milestone May 5, 2023
@ryanjbaxter ryanjbaxter linked a pull request May 5, 2023 that will close this issue
note section added for security implications of exposed actuator env. #1231
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation
Projects
No open projects
2022.0.3
Status: Done
Milestone
4.0.3
Development

Successfully merging a pull request may close this issue.

note section added for security implications of exposed actuator env.
5 participants
@olegz @ryanjbaxter @spencergibb @omernaci @spring-cloud-issues