This is an automated email from the ASF dual-hosted git repository. exceptionfactory pushed a commit to branch main-staging in repository https://gitbox.apache.org/repos/asf/nifi-site.git
commit d077f80b6e09d7ff71ecb85363b23542c345da22 Author: exceptionfactory <[email protected]> AuthorDate: Thu Feb 26 23:15:00 2026 -0600 Added Security Model paragraph on process management protocol (cherry picked from commit ca3ce10d81ec8dd4aceb48dde2414ce9c6d1c898) --- content/documentation/security.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/content/documentation/security.md b/content/documentation/security.md index e3817181..bf7c371f 100644 --- a/content/documentation/security.md +++ b/content/documentation/security.md @@ -39,6 +39,11 @@ running operating system commands, while other scripted components support execu different programming languages. Configuring these components with untrusted commands or arguments is contrary to best practices, but it does not constitute of security issue for remediation. +The application implements process management and diagnostic operations using the HTTP protocol, with the default +configuration binding to the localhost address. Privileged administrators can configure process management on an +alternative address, which can alter the security posture of the application. It is the responsibility of privileged +administrators to implement other protection strategies when changing the default bind address. + ## Reporting Process - Notify the project on initial discovery of a potential security vulnerability
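Review bot: The last added sentence ("It is the responsibility of privileged administrators to implement other protection strategies when changing the default bind address") leaves "other protection strategies" undefined. Unlike the paragraph before it, it also does not say whether exposing process management on a non-localhost address is treated as a security issue for remediation. Suggest stating the reporting scope explicitly, as the preceding paragraph does, and saying what the localhost binding stands in for: the text does not state whether the HTTP management endpoint has any authentication or transport encryption of its own, so administrators cannot tell what they must replace when they change the address. Naming the configuration property that sets the bind address would also let readers audit their deployment. Separately, the unchanged context line above the addition reads "does not constitute of security issue", which could be corrected to "a security issue" in a follow-up.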
