(hertzbeat) branch master updated: [security] update hertzbeat security model (#3450)

Tue, 10 Jun 2025 09:22:57 -0700 

This is an automated email from the ASF dual-hosted git repository.

liutianyou pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hertzbeat.git


The following commit(s) were added to refs/heads/master by this push:
     new fc3f26368d [security] update hertzbeat security model (#3450)
fc3f26368d is described below

commit fc3f26368d57df80c38cee0fb819274d18b2150d
Author: tomsun28 <[email protected]>
AuthorDate: Wed Jun 11 00:22:26 2025 +0800

    [security] update hertzbeat security model (#3450)
---
 home/docs/help/security_model.md                                      | 4 ++++
 .../docusaurus-plugin-content-docs/current/help/security_model.md     | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/home/docs/help/security_model.md b/home/docs/help/security_model.md
index 7706b654e5..ee80927e18 100644
--- a/home/docs/help/security_model.md
+++ b/home/docs/help/security_model.md
@@ -30,6 +30,10 @@ Apache HertzBeat supports users to upload custom code 
plugins to run in the life
 
 Apache HertzBeat supports users to customize collectors to personalize the 
collection of monitoring indicators, and users need to ensure the security of 
the custom collectors themselves.
 
+## Custom URL and Other Parameter Security
+
+Apache HertzBeat provides the ability to configure custom parameters. All 
users authorized to configure URLs and other parameters are considered highly 
trusted and are expected to trigger certain behaviors.
+
 ## Security Constraints in Other Customizations
 
 Apache HertzBeat provides a variety of system extension methods and custom 
capabilities. Users need to pay attention to the security of customizations 
during use. Of course, all extension capabilities need to be within the scope 
of authenticated users.
diff --git 
a/home/i18n/zh-cn/docusaurus-plugin-content-docs/current/help/security_model.md 
b/home/i18n/zh-cn/docusaurus-plugin-content-docs/current/help/security_model.md
index 35a2f79543..eb2eff8be9 100644
--- 
a/home/i18n/zh-cn/docusaurus-plugin-content-docs/current/help/security_model.md
+++ 
b/home/i18n/zh-cn/docusaurus-plugin-content-docs/current/help/security_model.md
@@ -30,6 +30,10 @@ Apache HertzBeat 支持用户上传自定义代码插件在多个系统的生命
 
 Apache HertzBeat 支持用户自定义采集器来个性化采集监控指标等,用户需要自行保证自定义采集器的安全性。
 
+## 自定义URL等参数安全
+
+Apache HertzBeat 提供自定义参数配置能力,所有被授权配置 URL 等参数的用户都被认为是高度信任的,并且期望他们可以触发某些行为。
+
 ## 其它自定义下的安全约束
 
 Apache HertzBeat 提供多种系统扩展方式和自定义能力,用户在使用过程中需注意自定义的安全性。当然所有扩展能力都是需在认证用户范围。


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to