spacewander opened a new issue #6238: URL: https://github.com/apache/apisix/issues/6238
### Improved or typo fixed. A threat model documentation is helpful for two purposes: 1. the maintainers can use it to distinguish a security report 2. the users can use it to judge if a plugin is mature enough to be enabled Also, we should recommend users to enable a minimal plugin list, so that to: 1. reduce runtime cost 2. reduce attack vector ### Solution We can take a look at Envoy's doc as examples: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/threat_model https://github.com/envoyproxy/envoy/blob/main/EXTENSION_POLICY.md#extension-stability-and-security-posture -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
