[
https://issues.apache.org/jira/browse/FLINK-24474?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chesnay Schepler closed FLINK-24474.
------------------------------------
Release Note:
For security purposes standalone clusters now bind the REST API to localhost by
default. The goal is to prevent cases where users unknowingly exposed the
cluster to the outside, as the REST API would previously bind to all interfaces.
This can be reverted by removing the 'rest.bind-address' setting from the
flink-conf.yaml .
Note that within docker containers the REST API still binds to 0.0.0.0 .
Resolution: Fixed
master: 6222532db0f0a1e75811fc215cd66bc26fb74afb
> Standalone clusters should bind to localhost by default
> -------------------------------------------------------
>
> Key: FLINK-24474
> URL: https://issues.apache.org/jira/browse/FLINK-24474
> Project: Flink
> Issue Type: Improvement
> Components: Runtime / Configuration
> Reporter: Chesnay Schepler
> Assignee: Mika Naylor
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.15.0
>
>
> By default the REST endpoints bind to 0.0.0.0.
> This is fine for docker use-cases as it simplifies the setup and the API
> isn't reachable unless the user explicitly enables that via docker.
> However, for standalone clusters this is a different story, and it is
> currently too easy for users to accidentally expose their clusters to the
> outside world.
> We should set the bind address by default to localhost, and change the
> docker-scripts to set this to 0.0.0.0 .
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
