This is an automated email from the ASF dual-hosted git repository.
albumenj pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/dubbo-website.git
The following commit(s) were added to refs/heads/master by this push:
new b9d39e2 fix grammar in security.md (#739)
b9d39e2 is described below
commit b9d39e28357ae89b844a7fce3b35d682b74b1741
Author: Albumen Kevin <[email protected]>
AuthorDate: Thu Feb 25 18:16:06 2021 +0800
fix grammar in security.md (#739)
---
content/en/docs/notices/security.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/content/en/docs/notices/security.md
b/content/en/docs/notices/security.md
index d5174a2..a38d44d 100755
--- a/content/en/docs/notices/security.md
+++ b/content/en/docs/notices/security.md
@@ -10,8 +10,8 @@ weight: 90
## Deserialization Vulnerabilities
Dubbo supports the extension of serialization protocol. Theoretically, users
can enable serialization protocol with arbitrary order based on the extension
mechanism, which brings great flexibility, but at the same time, they should be
aware of the potential security risks.
-Data deserialization is one of the most vulnerable links to be exploited by
attackers. Attackers use it to steal or destroy server-side data, such as rce
attack. Before switching the serialization protocol or implementation, the user
can,
-We should fully investigate the security guarantee of target serialization
protocol and its framework implementation, and set corresponding security
measures in advance (such as setting Black / white list). The Dubbo framework
itself cannot guarantee the security of the target serialization mechanism.
+Data deserialization is one of the most vulnerable links to be exploited by
attackers. Attackers use it to steal or destroy server-side data, such as rce
attack.
+Before switching the serialization protocol or implementation, the user should
fully investigate the security guarantee of target serialization protocol and
its framework implementation, and set corresponding security measures in
advance (such as setting Black / white list). The Dubbo framework itself cannot
guarantee the security of the target serialization mechanism.
Dubbo 2.7 The official version provides the following serialization protocols:
* Hessian2
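Review bot: The first added paragraph still ends with "such as rce attack", which does not follow grammatically from "steal or destroy server-side data" and leaves the acronym in lowercase; since this commit is a grammar fix, consider rewording it to something like "for example through a remote code execution (RCE) attack". In the second added paragraph, "the security guarantee of target serialization protocol" is missing articles ("the security guarantees of the target serialization protocol"), and "setting Black / white list" has stray capitalization and spacing. The unchanged context lines "enable serialization protocol with arbitrary order" and "Dubbo 2.7 The official version provides" have the same kind of problem and could be fixed in the same change.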