This is an automated email from the ASF dual-hosted git repository.
github-bot pushed a commit to branch cn-site
in repository https://gitbox.apache.org/repos/asf/dubbo-website.git
The following commit(s) were added to refs/heads/cn-site by this push:
new e7bb842ab31 deploy: 2ce2ab46e1abb7fec082c43e3efd1ae734fdd0b3
e7bb842ab31 is described below
commit e7bb842ab312de7eec372283c4ed46663d81f555
Author: AlbumenJ <[email protected]>
AuthorDate: Fri Oct 20 07:26:39 2023 +0000
deploy: 2ce2ab46e1abb7fec082c43e3efd1ae734fdd0b3
---
en/blog/1/01/01/serialization-protocol-security/index.html | 4 ++--
en/blog/index.xml | 10 ++++++++--
en/blog/page/5/index.html | 2 +-
en/blog/security-notices/index.xml | 10 ++++++++--
en/index.xml | 10 ++++++++--
en/sitemap.xml | 2 +-
en/tags/security-vulnerabilities/index.xml | 10 ++++++++--
sitemap.xml | 2 +-
8 files changed, 37 insertions(+), 13 deletions(-)
diff --git a/en/blog/1/01/01/serialization-protocol-security/index.html
b/en/blog/1/01/01/serialization-protocol-security/index.html
index 190319f9943..beda3feddba 100644
--- a/en/blog/1/01/01/serialization-protocol-security/index.html
+++ b/en/blog/1/01/01/serialization-protocol-security/index.html
@@ -1,4 +1,4 @@
-<!doctype html><html lang=en class=no-js><head><meta name=ROBOTS
content="INDEX, FOLLOW"><link rel=canonical
href=https://cn.dubbo.apache.org/en/blog/1/01/01/serialization-protocol-security/><script>var
_hmt=_hmt||[];(function(){var
e,t=document.createElement("script");t.src="https://hm.baidu.com/hm.js?3b78f49ba47181e4d998a66b689446e9",e=document.getElementsByTagName("script")[0],e.parentNode.insertBefore(t,e)})()</script><meta
charset=utf-8><meta name=viewport content="width=device-widt [...]
+<!doctype html><html lang=en class=no-js><head><meta name=ROBOTS
content="INDEX, FOLLOW"><link rel=canonical
href=https://cn.dubbo.apache.org/en/blog/1/01/01/serialization-protocol-security/><script>var
_hmt=_hmt||[];(function(){var
e,t=document.createElement("script");t.src="https://hm.baidu.com/hm.js?3b78f49ba47181e4d998a66b689446e9",e=document.getElementsByTagName("script")[0],e.parentNode.insertBefore(t,e)})()</script><meta
charset=utf-8><meta name=viewport content="width=device-widt [...]
<script>var
doNotTrack=!1;if(!doNotTrack){window.dataLayer=window.dataLayer||[];function
gtag(){dataLayer.push(arguments)}gtag("js",new
Date),gtag("config","G-NM6FFMT51J",{anonymize_ip:!1})}</script><link
rel=preload
href=/scss/main.min.fe7176cbe3102a33d3e8c0c9cec61eb52508abd24a2cc1ae23ccf535a481ffde.css
as=style><link
href=/scss/main.min.fe7176cbe3102a33d3e8c0c9cec61eb52508abd24a2cc1ae23ccf535a481ffde.css
rel=stylesheet integrity><script src=/js/jquery-3.5.1.min.js
integrity="sha256-9/a [...]
<link rel=stylesheet href=https://cdn.jsdelivr.net/npm/@docsearch/css@3><meta
name=theme-color content="#326ce5"><link rel=stylesheet
href=/css/feature-states.css><meta name=description content="Safer use of
serialization protocols in Dubbo"><meta property="og:description"
content="Safer use of serialization protocols in Dubbo"><meta
name=twitter:description content="Safer use of serialization protocols in
Dubbo"><meta property="og:url"
content="https://cn.dubbo.apache.org/en/blog/1/01/0 [...]
<link href=/css/community.css rel=stylesheet><link href=/css/contactus.css
rel=stylesheet><link href=/css/language.css rel=stylesheet><script
src=/js/script.js></script></head><body class="td-page
td-documentation"><header><nav class="js-navbar-scroll navbar navbar-expand
navbar-dark flex-column flex-md-row td-navbar" data-auto-burger=primary><a
class=navbar-brand href=/en/><span class=navbar-logo></span><span
class="text-uppercase font-weight-bold">Apache Dubbo</span></a><div class="td-
[...]
@@ -51,7 +51,7 @@
<label for=m-enblog20200518past-releases-check><a
href=/en/blog/2020/05/18/past-releases/ class="align-left pl-0 td-sidebar-link
td-sidebar-link__page" id=m-enblog20200518past-releases><span>Past
Releases</span></a></label></li></ul></li><li
class="td-sidebar-nav__section-title td-sidebar-nav__section with-child"
id=m-enblogsecurity-notices-li><input type=checkbox
id=m-enblogsecurity-notices-check>
<label for=m-enblogsecurity-notices-check><a href=/en/blog/security-notices/
class="align-left pl-0 td-sidebar-link td-sidebar-link__section"
id=m-enblogsecurity-notices><span>Security notices</span></a></label><ul
class="ul-2 foldable"><li class="td-sidebar-nav__section-title
td-sidebar-nav__section without-child"
id=m-enblog10101serialization-protocol-security-li><input type=checkbox
id=m-enblog10101serialization-protocol-security-check>
<label for=m-enblog10101serialization-protocol-security-check><a
href=/en/blog/1/01/01/serialization-protocol-security/ class="align-left pl-0
td-sidebar-link td-sidebar-link__page"
id=m-enblog10101serialization-protocol-security><span>Serialization Protocol
Security</span></a></label></li><li class="td-sidebar-nav__section-title
td-sidebar-nav__section without-child" id=m-enblog10101security-li><input
type=checkbox id=m-enblog10101security-check>
-<label for=m-enblog10101security-check><a href=/en/blog/1/01/01/security/
class="align-left pl-0 td-sidebar-link td-sidebar-link__page"
id=m-enblog10101security><span>Security</span></a></label></li></ul></li></ul></li></ul></nav></div></div><main
class="col-12 col-md-9 col-xl-8 pl-md-5" role=main><nav aria-label=breadcrumb
class=td-breadcrumbs><ol class=breadcrumb><li class=breadcrumb-item><a
href=https://cn.dubbo.apache.org/en/blog/>Blog</a></li><li
class=breadcrumb-item><a href=https: [...]
+<label for=m-enblog10101security-check><a href=/en/blog/1/01/01/security/
class="align-left pl-0 td-sidebar-link td-sidebar-link__page"
id=m-enblog10101security><span>Security</span></a></label></li></ul></li></ul></li></ul></nav></div></div><main
class="col-12 col-md-9 col-xl-8 pl-md-5" role=main><nav aria-label=breadcrumb
class=td-breadcrumbs><ol class=breadcrumb><li class=breadcrumb-item><a
href=https://cn.dubbo.apache.org/en/blog/>Blog</a></li><li
class=breadcrumb-item><a href=https: [...]
<button class="btn btn-primary mb-4
feedback--no">No</button></div><script>const
yes=document.querySelector(".feedback--yes"),no=document.querySelector(".feedback--no");document.querySelectorAll(".feedback--link").forEach(e=>{e.href=e.href+window.location.pathname});const
sendFeedback=e=>{gtag||console.log("!gtag"),gtag("event","click",{event_category:"Helpful",event_label:window.location.pathname,value:e})},disableButtons=()=>{yes.disabled=!0,yes.classList.add("feedback--button__disable
[...]
<a
href="https://github.com/apache/dubbo-website/new/master/content/en/blog/security-notices/serialization-security.md?filename=change-me.md&value=---%0Atitle%3A+%22Long+Page+Title%22%0AlinkTitle%3A+%22Short+Nav+Title%22%0Aweight%3A+100%0Adescription%3A+%3E-%0A+++++Page+description+for+heading+and+indexes.%0A---%0A%0A%23%23+Heading%0A%0AEdit+this+template+to+create+your+new+page.%0A%0A%2A+Give+it+a+good+name%2C+ending+in+%60.md%60+-+e.g.+%60getting-started.md%60%0A%2A+Edit+the+%22fro
[...]
<a
href="https://github.com/apache/dubbo-website/issues/new?title=Serialization%20Protocol%20Security"
target=_blank><i class="fab fa-github fa-fw"></i> Create an issue</a>
diff --git a/en/blog/index.xml b/en/blog/index.xml
index c79c59943fb..6974439e3bf 100644
--- a/en/blog/index.xml
+++ b/en/blog/index.xml
@@ -1,8 +1,14 @@
<rss version="2.0"
xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Apache Dubbo – Apache
Dubbo
Blog</title><link>https://cn.dubbo.apache.org/en/blog/</link><description>Recent
content in Apache Dubbo Blog on Apache Dubbo</description><generator>Hugo --
gohugo.io</generator><language>en</language><atom:link
href="https://cn.dubbo.apache.org/en/blog/index.xml" rel="self"
type="application/rss+xml"/><item><title>Blog: Serialization Protocol
Security</title><link>https://cn.dubbo.ap [...]
-<p>Dubbo 3.0 has enhanced the security aspects of serialization protocols
and recommends using the Triple protocol in non-Wrapper mode. This protocol is
secure by default but requires developers to write IDL files.</p>
+<p>Dubbo 3 has enhanced the security aspects of serialization protocols and
recommends using the Triple protocol in non-Wrapper mode. This protocol is
secure by default but requires developers to write IDL files.</p>
<p>In the Triple protocol&rsquo;s Wrapper mode, compatibility with
other serialization data is allowed, offering good compatibility. However,
other protocols may have deserialization security flaws. For the Hessian2
protocol, users who require high-security attributes should enable whitelist
mode according to the sample code. The framework will enable blacklist mode by
default to block malicious calls.</p>
<p>Using other serialization protocols is not recommended. When an attacker
can access the Provider interface, security flaws in other serialization
protocols may lead to command execution through the Provider interface.</p>
-<p>If you must use other serialization protocols and wish to maintain some
level of security, you should enable the Token authentication mechanism. This
will prevent threats to the Provider&rsquo;s security from unauthenticated
and untrusted request sources. When enabling Token authentication, you should
also enable the authentication feature in the
registry.</p></description></item><item><title>Blog: Advanced cloud native -
Dubbo 3.2 officially released</title><link>https://cn [...]
+<p>If you must use other serialization protocols and wish to maintain some
level of security, you should enable the Token authentication mechanism. This
will prevent threats to the Provider&rsquo;s security from unauthenticated
and untrusted request sources. When enabling Token authentication, you should
also enable the authentication feature in the registry.</p>
+<h2 id="notice">Notice</h2>
+<p>The following serializations are proved that not safe enough to transfer
on network and not recommend to use.</p>
+<ul>
+<li>native-hessian</li>
+<li>native-java (Java ObjectOutputStream and ObjectInputStream)</li>
+</ul></description></item><item><title>Blog: Advanced cloud native - Dubbo
3.2 officially
released</title><link>https://cn.dubbo.apache.org/en/blog/2023/04/15/advanced-cloud-native-dubbo-3.2-officially-released/</link><pubDate>Sat,
15 Apr 2023 00:00:00
+0000</pubDate><guid>https://cn.dubbo.apache.org/en/blog/2023/04/15/advanced-cloud-native-dubbo-3.2-officially-released/</guid><description>
<h2 id="background-introduction">Background introduction</h2>
<p>Apache Dubbo is an RPC service development framework, which is used to
solve service governance and communication problems under the microservice
architecture. It officially provides multi-language SDK implementations such as
Java and Golang. The microservices developed using Dubbo are natively capable
of remote address discovery and communication with each other. Using the rich
service governance features provided by Dubbo, service governance demands such
as service discovery, loa [...]
<h2 id="rest-protocol-support">Rest protocol support</h2>
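Review bot: The sentence added under the new `Notice` heading, `The following serializations are proved that not safe enough to transfer on network and not recommend to use.`, is ungrammatical for a security notice and gives readers no next step. Suggested wording: `The following serializations have been proven unsafe for use over the network and are not recommended:`, ideally followed by a pointer back to the Triple non-Wrapper and Hessian2 whitelist guidance in the paragraphs above. This feed is Hugo output, so the fix belongs in the Markdown source (presumably the `serialization-security.md` page under `content/en/blog/security-notices/`, the path shown in this page's GitHub links), not in this file. The same added text appears in the hunks for `en/blog/security-notices/index.xml`, `en/index.xml` and `en/tags/security-vulnerabilities/index.xml`.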
diff --git a/en/blog/page/5/index.html b/en/blog/page/5/index.html
index 34f7c9e2332..643905d2a29 100644
--- a/en/blog/page/5/index.html
+++ b/en/blog/page/5/index.html
@@ -55,7 +55,7 @@ Files in these directories will be listed in reverse
chronological order."><meta
<label for=m-enblogsecurity-notices-check><a href=/en/blog/security-notices/
class="align-left pl-0 td-sidebar-link td-sidebar-link__section"
id=m-enblogsecurity-notices><span>Security notices</span></a></label><ul
class="ul-2 foldable"><li class="td-sidebar-nav__section-title
td-sidebar-nav__section without-child"
id=m-enblog10101serialization-protocol-security-li><input type=checkbox
id=m-enblog10101serialization-protocol-security-check>
<label for=m-enblog10101serialization-protocol-security-check><a
href=/en/blog/1/01/01/serialization-protocol-security/ class="align-left pl-0
td-sidebar-link td-sidebar-link__page"
id=m-enblog10101serialization-protocol-security><span>Serialization Protocol
Security</span></a></label></li><li class="td-sidebar-nav__section-title
td-sidebar-nav__section without-child" id=m-enblog10101security-li><input
type=checkbox id=m-enblog10101security-check>
<label for=m-enblog10101security-check><a href=/en/blog/1/01/01/security/
class="align-left pl-0 td-sidebar-link td-sidebar-link__page"
id=m-enblog10101security><span>Security</span></a></label></li></ul></li></ul></li></ul></nav></div></div><main
class="col-12 col-md-9 col-xl-8 pl-md-5" role=main><nav aria-label=breadcrumb
class="td-breadcrumbs td-breadcrumbs__single"><ol class=breadcrumb><li
class="breadcrumb-item active" aria-current=page><a
href=https://cn.dubbo.apache.org/en/blog/ a [...]
-We strongly encourage folks to report such problems to our private security
…</p><p class=pt-0><a href=/en/blog/1/01/01/security/ aria-label="Read more -
Security">Read more</a></p></div></li><li class="media mb-4"><div
class=media-body><h5 class="mt-0 mb-1"><a
href=/en/blog/1/01/01/serialization-protocol-security/>Serialization Protocol
Security</a></h5><p class="mb-2 mb-md-3"><small class=text-muted>Monday,
January 01, 0001 in Security notices</small></p><header class=article-meta><div
[...]
+We strongly encourage folks to report such problems to our private security
…</p><p class=pt-0><a href=/en/blog/1/01/01/security/ aria-label="Read more -
Security">Read more</a></p></div></li><li class="media mb-4"><div
class=media-body><h5 class="mt-0 mb-1"><a
href=/en/blog/1/01/01/serialization-protocol-security/>Serialization Protocol
Security</a></h5><p class="mb-2 mb-md-3"><small class=text-muted>Monday,
January 01, 0001 in Security notices</small></p><header class=article-meta><div
[...]
In the Triple protocol’s Wrapper …</p><p class=pt-0><a
href=/en/blog/1/01/01/serialization-protocol-security/ aria-label="Read more -
Serialization Protocol Security">Read
more</a></p></div></li></ul></div></div><div class="row pl-2 pt-2"><div
class=col><ul class="pagination pagination-default"><li class=page-item><a
href=/en/blog/ aria-label=First class=page-link role=button><span
aria-hidden=true>««</span></a></li><li class=page-item><a
href=/en/blog/page/4/ aria-label= [...]
<button class="btn btn-primary mb-4
feedback--no">No</button></div><script>const
yes=document.querySelector(".feedback--yes"),no=document.querySelector(".feedback--no");document.querySelectorAll(".feedback--link").forEach(e=>{e.href=e.href+window.location.pathname});const
sendFeedback=e=>{gtag||console.log("!gtag"),gtag("event","click",{event_category:"Helpful",event_label:window.location.pathname,value:e})},disableButtons=()=>{yes.disabled=!0,yes.classList.add("feedback--button__disable
[...]
<a
href="https://github.com/apache/dubbo-website/new/master/content/en/blog/_index.md?filename=change-me.md&value=---%0Atitle%3A+%22Long+Page+Title%22%0AlinkTitle%3A+%22Short+Nav+Title%22%0Aweight%3A+100%0Adescription%3A+%3E-%0A+++++Page+description+for+heading+and+indexes.%0A---%0A%0A%23%23+Heading%0A%0AEdit+this+template+to+create+your+new+page.%0A%0A%2A+Give+it+a+good+name%2C+ending+in+%60.md%60+-+e.g.+%60getting-started.md%60%0A%2A+Edit+the+%22front+matter%22+section+at+the+top+o
[...]
diff --git a/en/blog/security-notices/index.xml
b/en/blog/security-notices/index.xml
index 811a5cde624..70da9680dc7 100644
--- a/en/blog/security-notices/index.xml
+++ b/en/blog/security-notices/index.xml
@@ -1,8 +1,14 @@
<rss version="2.0"
xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Apache Dubbo –
Security
notices</title><link>https://cn.dubbo.apache.org/en/blog/security-notices/</link><description>Recent
content in Security notices on Apache Dubbo</description><generator>Hugo --
gohugo.io</generator><language>en</language><atom:link
href="https://cn.dubbo.apache.org/en/blog/security-notices/index.xml"
rel="self" type="application/rss+xml"/><item><title>Blog: Serialization
Protocol Security< [...]
-<p>Dubbo 3.0 has enhanced the security aspects of serialization protocols
and recommends using the Triple protocol in non-Wrapper mode. This protocol is
secure by default but requires developers to write IDL files.</p>
+<p>Dubbo 3 has enhanced the security aspects of serialization protocols and
recommends using the Triple protocol in non-Wrapper mode. This protocol is
secure by default but requires developers to write IDL files.</p>
<p>In the Triple protocol&rsquo;s Wrapper mode, compatibility with
other serialization data is allowed, offering good compatibility. However,
other protocols may have deserialization security flaws. For the Hessian2
protocol, users who require high-security attributes should enable whitelist
mode according to the sample code. The framework will enable blacklist mode by
default to block malicious calls.</p>
<p>Using other serialization protocols is not recommended. When an attacker
can access the Provider interface, security flaws in other serialization
protocols may lead to command execution through the Provider interface.</p>
-<p>If you must use other serialization protocols and wish to maintain some
level of security, you should enable the Token authentication mechanism. This
will prevent threats to the Provider&rsquo;s security from unauthenticated
and untrusted request sources. When enabling Token authentication, you should
also enable the authentication feature in the
registry.</p></description></item><item><title>Blog:
Security</title><link>https://cn.dubbo.apache.org/en/blog/1/01/01/security/</
[...]
+<p>If you must use other serialization protocols and wish to maintain some
level of security, you should enable the Token authentication mechanism. This
will prevent threats to the Provider&rsquo;s security from unauthenticated
and untrusted request sources. When enabling Token authentication, you should
also enable the authentication feature in the registry.</p>
+<h2 id="notice">Notice</h2>
+<p>The following serializations are proved that not safe enough to transfer
on network and not recommend to use.</p>
+<ul>
+<li>native-hessian</li>
+<li>native-java (Java ObjectOutputStream and ObjectInputStream)</li>
+</ul></description></item><item><title>Blog:
Security</title><link>https://cn.dubbo.apache.org/en/blog/1/01/01/security/</link><pubDate>Mon,
01 Jan 0001 00:00:00
+0000</pubDate><guid>https://cn.dubbo.apache.org/en/blog/1/01/01/security/</guid><description>
<h2 id="reporting-security-issues">Reporting security issues</h2>
<p>The Apache Software Foundation takes a very active stance in eliminating
security problems and denial of service attacks against its products.</p>
<p>We strongly encourage folks to report such problems to our private
security mailing list first, before disclosing them in a public forum.</p>
diff --git a/en/index.xml b/en/index.xml
index f82a5c69df1..12a651dc8bc 100644
--- a/en/index.xml
+++ b/en/index.xml
@@ -1,8 +1,14 @@
<rss version="2.0"
xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Apache Dubbo – Apache
Dubbo</title><link>https://cn.dubbo.apache.org/en/</link><description>Recent
content on Apache Dubbo</description><generator>Hugo --
gohugo.io</generator><language>en</language><atom:link
href="https://cn.dubbo.apache.org/en/index.xml" rel="self"
type="application/rss+xml"/><item><title>Blog: Serialization Protocol
Security</title><link>https://cn.dubbo.apache.org/en/blog/1/01/01/serializati
[...]
-<p>Dubbo 3.0 has enhanced the security aspects of serialization protocols
and recommends using the Triple protocol in non-Wrapper mode. This protocol is
secure by default but requires developers to write IDL files.</p>
+<p>Dubbo 3 has enhanced the security aspects of serialization protocols and
recommends using the Triple protocol in non-Wrapper mode. This protocol is
secure by default but requires developers to write IDL files.</p>
<p>In the Triple protocol&rsquo;s Wrapper mode, compatibility with
other serialization data is allowed, offering good compatibility. However,
other protocols may have deserialization security flaws. For the Hessian2
protocol, users who require high-security attributes should enable whitelist
mode according to the sample code. The framework will enable blacklist mode by
default to block malicious calls.</p>
<p>Using other serialization protocols is not recommended. When an attacker
can access the Provider interface, security flaws in other serialization
protocols may lead to command execution through the Provider interface.</p>
-<p>If you must use other serialization protocols and wish to maintain some
level of security, you should enable the Token authentication mechanism. This
will prevent threats to the Provider&rsquo;s security from unauthenticated
and untrusted request sources. When enabling Token authentication, you should
also enable the authentication feature in the
registry.</p></description></item><item><title>Blog: Advanced cloud native -
Dubbo 3.2 officially released</title><link>https://cn [...]
+<p>If you must use other serialization protocols and wish to maintain some
level of security, you should enable the Token authentication mechanism. This
will prevent threats to the Provider&rsquo;s security from unauthenticated
and untrusted request sources. When enabling Token authentication, you should
also enable the authentication feature in the registry.</p>
+<h2 id="notice">Notice</h2>
+<p>The following serializations are proved that not safe enough to transfer
on network and not recommend to use.</p>
+<ul>
+<li>native-hessian</li>
+<li>native-java (Java ObjectOutputStream and ObjectInputStream)</li>
+</ul></description></item><item><title>Blog: Advanced cloud native - Dubbo
3.2 officially
released</title><link>https://cn.dubbo.apache.org/en/blog/2023/04/15/advanced-cloud-native-dubbo-3.2-officially-released/</link><pubDate>Sat,
15 Apr 2023 00:00:00
+0000</pubDate><guid>https://cn.dubbo.apache.org/en/blog/2023/04/15/advanced-cloud-native-dubbo-3.2-officially-released/</guid><description>
<h2 id="background-introduction">Background introduction</h2>
<p>Apache Dubbo is an RPC service development framework, which is used to
solve service governance and communication problems under the microservice
architecture. It officially provides multi-language SDK implementations such as
Java and Golang. The microservices developed using Dubbo are natively capable
of remote address discovery and communication with each other. Using the rich
service governance features provided by Dubbo, service governance demands such
as service discovery, loa [...]
<h2 id="rest-protocol-support">Rest protocol support</h2>
diff --git a/en/sitemap.xml b/en/sitemap.xml
index 64868529ec2..a6fb4c0729d 100644
--- a/en/sitemap.xml
+++ b/en/sitemap.xml
@@ -1 +1 @@
-<?xml version="1.0" encoding="utf-8" standalone="yes"?><urlset
xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
xmlns:xhtml="http://www.w3.org/1999/xhtml"><url><loc>https://cn.dubbo.apache.org/en/docs3-v2/java-sdk/faq/0/</loc><lastmod>2023-01-02T18:18:49+08:00</lastmod><changefreq>monthly</changefreq><priority>0.5</priority></url><url><loc>https://cn.dubbo.apache.org/en/docs3-v2/java-sdk/faq/0/1/</loc><lastmod>2023-01-03T15:09:00+08:00</lastmod><changefreq>monthly</changefreq><priorit
[...]
\ No newline at end of file
+<?xml version="1.0" encoding="utf-8" standalone="yes"?><urlset
xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
xmlns:xhtml="http://www.w3.org/1999/xhtml"><url><loc>https://cn.dubbo.apache.org/en/docs3-v2/java-sdk/faq/0/</loc><lastmod>2023-01-02T18:18:49+08:00</lastmod><changefreq>monthly</changefreq><priority>0.5</priority></url><url><loc>https://cn.dubbo.apache.org/en/docs3-v2/java-sdk/faq/0/1/</loc><lastmod>2023-01-03T15:09:00+08:00</lastmod><changefreq>monthly</changefreq><priorit
[...]
\ No newline at end of file
diff --git a/en/tags/security-vulnerabilities/index.xml
b/en/tags/security-vulnerabilities/index.xml
index 8239a4317ee..9e2dfdc61fe 100644
--- a/en/tags/security-vulnerabilities/index.xml
+++ b/en/tags/security-vulnerabilities/index.xml
@@ -1,5 +1,11 @@
<rss version="2.0"
xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Apache Dubbo –
Security
Vulnerabilities</title><link>https://cn.dubbo.apache.org/en/tags/security-vulnerabilities/</link><description>Recent
content in Security Vulnerabilities on Apache
Dubbo</description><generator>Hugo --
gohugo.io</generator><language>en</language><atom:link
href="https://cn.dubbo.apache.org/en/tags/security-vulnerabilities/index.xml"
rel="self" type="application/rss+xml"/><item><title>Blog: [...]
-<p>Dubbo 3.0 has enhanced the security aspects of serialization protocols
and recommends using the Triple protocol in non-Wrapper mode. This protocol is
secure by default but requires developers to write IDL files.</p>
+<p>Dubbo 3 has enhanced the security aspects of serialization protocols and
recommends using the Triple protocol in non-Wrapper mode. This protocol is
secure by default but requires developers to write IDL files.</p>
<p>In the Triple protocol&rsquo;s Wrapper mode, compatibility with
other serialization data is allowed, offering good compatibility. However,
other protocols may have deserialization security flaws. For the Hessian2
protocol, users who require high-security attributes should enable whitelist
mode according to the sample code. The framework will enable blacklist mode by
default to block malicious calls.</p>
<p>Using other serialization protocols is not recommended. When an attacker
can access the Provider interface, security flaws in other serialization
protocols may lead to command execution through the Provider interface.</p>
-<p>If you must use other serialization protocols and wish to maintain some
level of security, you should enable the Token authentication mechanism. This
will prevent threats to the Provider&rsquo;s security from unauthenticated
and untrusted request sources. When enabling Token authentication, you should
also enable the authentication feature in the
registry.</p></description></item></channel></rss>
\ No newline at end of file
+<p>If you must use other serialization protocols and wish to maintain some
level of security, you should enable the Token authentication mechanism. This
will prevent threats to the Provider&rsquo;s security from unauthenticated
and untrusted request sources. When enabling Token authentication, you should
also enable the authentication feature in the registry.</p>
+<h2 id="notice">Notice</h2>
+<p>The following serializations are proved that not safe enough to transfer
on network and not recommend to use.</p>
+<ul>
+<li>native-hessian</li>
+<li>native-java (Java ObjectOutputStream and ObjectInputStream)</li>
+</ul></description></item></channel></rss>
\ No newline at end of file
diff --git a/sitemap.xml b/sitemap.xml
index fc9b42cadbc..493caf15358 100644
--- a/sitemap.xml
+++ b/sitemap.xml
@@ -1 +1 @@
-<?xml version="1.0" encoding="utf-8" standalone="yes"?><sitemapindex
xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"><sitemap><loc>https://cn.dubbo.apache.org/zh-cn/sitemap.xml</loc><lastmod>2023-10-19T19:26:31+08:00</lastmod></sitemap><sitemap><loc>https://cn.dubbo.apache.org/en/sitemap.xml</loc><lastmod>2023-10-18T10:05:04+08:00</lastmod></sitemap></sitemapindex>
\ No newline at end of file
+<?xml version="1.0" encoding="utf-8" standalone="yes"?><sitemapindex
xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"><sitemap><loc>https://cn.dubbo.apache.org/zh-cn/sitemap.xml</loc><lastmod>2023-10-19T19:26:31+08:00</lastmod></sitemap><sitemap><loc>https://cn.dubbo.apache.org/en/sitemap.xml</loc><lastmod>2023-10-20T15:21:02+08:00</lastmod></sitemap></sitemapindex>
\ No newline at end of file