This is an automated email from the ASF dual-hosted git repository.
exceptionfactory pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi-site.git
The following commit(s) were added to refs/heads/main by this push:
new ca3ce10d Added Security Model paragraph on process management protocol
ca3ce10d is described below
commit ca3ce10d81ec8dd4aceb48dde2414ce9c6d1c898
Author: exceptionfactory <[email protected]>
AuthorDate: Thu Feb 26 23:15:00 2026 -0600
Added Security Model paragraph on process management protocol
---
content/documentation/security.md | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/content/documentation/security.md
b/content/documentation/security.md
index e3817181..bf7c371f 100644
--- a/content/documentation/security.md
+++ b/content/documentation/security.md
@@ -39,6 +39,11 @@ running operating system commands, while other scripted
components support execu
different programming languages. Configuring these components with untrusted
commands or arguments is
contrary to best practices, but it does not constitute of security issue for
remediation.
+The application implements process management and diagnostic operations using
the HTTP protocol, with the default
+configuration binding to the localhost address. Privileged administrators can
configure process management on an
+alternative address, which can alter the security posture of the application.
It is the responsibility of privileged
+administrators to implement other protection strategies when changing the
default bind address.
+
## Reporting Process
- Notify the project on initial discovery of a potential security vulnerability
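Review bot: The new paragraph describes the risk of rebinding process management away from localhost but never states the scoping consequence, which is the point of the Security Model section: say explicitly whether a report about the process management or diagnostic endpoint reachable on an administrator-configured non-default address is, like the untrusted-command case in the preceding sentence, not considered a security issue for remediation, and whether a finding against the default localhost binding would be. Naming the configuration property that controls the bind address would also let readers check their own deployment; "configure process management on an alternative address" leaves them guessing which setting is meant. It is also worth saying whether the HTTP listener carries its own authentication or relies solely on the localhost binding, since "implement other protection strategies" reads very differently in each case. Unrelated to this hunk but visible in its leading context, "does not constitute of security issue" should read "does not constitute a security issue".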