
Make heapdump endpoint restricted by default #45624

Closed
lhotari wants to merge 1 commit into spring-projects:main from lhotari:lh-heapdump-restricted-by-default

@lhotari (Contributor) commented May 20, 2025

In Spring Boot, all actuator endpoints other than shutdown are "unrestricted" by default.
For misconfigured Spring Boot applications, it would improve security when the heapdump actuator endpoint is restricted by default.
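A configuration check for the misconfiguration described in the comment above, as an added example that is not part of the pull request or of Spring Boot's code. It reads a `.properties` file using Spring Boot's endpoint access and web exposure properties (available from 3.4) and reports whether the actuator settings alone leave heapdump served over HTTP. Assumptions: the sample configurations are constructed, `builtin_default` is supplied by the caller ("unrestricted" models the behaviour the comment describes, "none" models a restricted default), and YAML files, profiles, the older `enabled` properties and Spring Security rules are not evaluated.

```python
import re

ORDER = {"none": 0, "read-only": 1, "unrestricted": 2}  # least to most permissive

def parse_properties(text):
    """Parse key=value / key: value lines, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
            props[parts[0]] = parts[1] if len(parts) > 1 else ""
    return props

def norm(value):
    """Accept READ_ONLY and read-only alike, as Spring's relaxed binding does."""
    return value.strip().lower().replace("_", "-")

def heapdump_access(props, builtin_default):
    """Per-endpoint setting wins, then the global default, then the built-in one."""
    access = norm(props.get("management.endpoint.heapdump.access")
                  or props.get("management.endpoints.access.default")
                  or builtin_default)
    cap = norm(props.get("management.endpoints.access.max-permitted", "unrestricted"))
    return min(access, cap, key=ORDER.__getitem__)

def web_exposed(props):
    """Only 'health' is exposed over HTTP unless include says otherwise; exclude wins."""
    def ids(key, default):
        return {norm(i) for i in props.get(key, default).split(",") if i.strip()}
    include = ids("management.endpoints.web.exposure.include", "health")
    exclude = ids("management.endpoints.web.exposure.exclude", "")
    return not ({"*", "heapdump"} & exclude) and bool({"*", "heapdump"} & include)

def audit(text, builtin_default):
    """builtin_default: heapdump's access when nothing is configured (caller-supplied)."""
    props = parse_properties(text)
    access, exposed = heapdump_access(props, builtin_default), web_exposed(props)
    # heapdump is a read operation, so read-only access still serves it
    return {"access": access, "web_exposed": exposed,
            "reachable": exposed and access != "none"}

# Constructed sample configurations (not from the pull request)
MISCONFIGURED = "management.endpoints.web.exposure.include=*\n"
HARDENED = MISCONFIGURED + "management.endpoint.heapdump.access=none\n"

if __name__ == "__main__":
    for name, cfg in (("misconfigured", MISCONFIGURED), ("hardened", HARDENED)):
        print(name, audit(cfg, builtin_default="unrestricted"))
```

The explicit `management.endpoint.heapdump.access=none` line gives the same result whichever built-in default applies, so it is the setting to pin in applications that expose all web endpoints.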

@spring-projects-issues added the status: waiting-for-triage label May 20, 2025
@lhotari force-pushed the lh-heapdump-restricted-by-default branch 2 times, most recently from 4b39d34 to 3fd238d May 20, 2025 15:48
Signed-off-by: Lari Hotari <lhotari@users.noreply.github.com>
@lhotari force-pushed the lh-heapdump-restricted-by-default branch from 3fd238d to 61eccee May 20, 2025 16:06
@philwebb added the type: enhancement and for: upgrade-attention labels and removed the status: waiting-for-triage label May 20, 2025
@philwebb added this to the 3.5.x milestone May 20, 2025
@philwebb (Member)

Thanks! Very timely given we were just discussing your post about this :)

philwebb pushed a commit that referenced this pull request May 21, 2025
See gh-45624

Signed-off-by: Lari Hotari <lhotari@users.noreply.github.com>
@philwebb closed this in b267293 May 21, 2025
@philwebb modified the milestones: 3.5.x, 3.5.0 May 21, 2025
@philwebb (Member)

Thanks very much @lhotari!
