michaeljmarshall commented on PR #20903: URL: https://github.com/apache/pulsar/pull/20903#issuecomment-1677709315
> What's the problem with us calling the method by default? Great question, thanks @shibd. I wrote this text in the PIP explaining why I didn't want to enable it by default: > The primary security consideration is whether there is any risk in giving users a way to interpolate environment variables into their connector. Note that this kind of feature led to Log4Shell. Unlike Log4Shell, the risk is negligible when running in a containerized environment, like Kubernetes. Further, this feature will be disabled by default, so users can evaluate the security risks on their own. In taking a closer look, the proposed change will only affect k8s based deployments, which probably means we can enable it by default. However, the only remaining risk could be to users that have created their own extensions and are using these classes in unknown ways. Given your comments, I think we should remove the configuration option and always enable it. Let me know what you think, thanks. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
