This is an automated email from the ASF dual-hosted git repository. jin pushed a commit to branch sec in repository https://gitbox.apache.org/repos/asf/hugegraph-doc.git
commit 5f9a2619370c8aa25d235b29b4e7d5445b20726b Author: imbajin <[email protected]> AuthorDate: Thu Apr 16 11:40:06 2026 +0800 docs(sec): synchronize security warnings for gremlin execution to EN docs --- content/en/docs/clients/restful-api/gremlin.md | 5 +++++ content/en/docs/config/config-authentication.md | 8 +++++--- content/en/docs/guides/security.md | 8 ++++++++ content/en/docs/quickstart/hugegraph/hugegraph-server.md | 2 +- content/en/docs/quickstart/toolchain/hugegraph-hubble.md | 2 ++ content/en/docs/quickstart/toolchain/hugegraph-tools.md | 2 ++ 6 files changed, 23 insertions(+), 4 deletions(-) diff --git a/content/en/docs/clients/restful-api/gremlin.md b/content/en/docs/clients/restful-api/gremlin.md index ccd72686..3b348e7c 100644 --- a/content/en/docs/clients/restful-api/gremlin.md +++ b/content/en/docs/clients/restful-api/gremlin.md @@ -7,6 +7,11 @@ description: "Gremlin REST API: Execute Gremlin graph traversal language scripts ### 8.1 Gremlin +> ⚠️ **SEC Reminder: Safe Usage of Native Query Endpoints in Production Environments** +> +> The flexibility of Graph Query Languages (such as Gremlin/Cypher) inherently introduces certain potential security risks. To ensure core security, **please avoid exposing any related native query endpoints directly to the public network**. +> In production scenarios where internal exposure is required, you must enable the **[Authentication System (Auth)](/docs/config/config-authentication/)** combined with an **IP Whitelist** as a dual-security mechanism to strictly control user execution permissions. Additionally, it is advised to use an Audit Log to audit the specific statements executed and to adopt **[Containerized Deployment (Docker/K8s)](/docs/quickstart/hugegraph/hugegraph-server/#31-use-docker-container-convenient-f [...] + #### 8.1.1 Sending a gremlin statement (GET) to HugeGraphServer for synchronous execution ##### Params 
diff --git a/content/en/docs/config/config-authentication.md b/content/en/docs/config/config-authentication.md index e00c8a41..8dc55924 100644 --- a/content/en/docs/config/config-authentication.md +++ b/content/en/docs/config/config-authentication.md @@ -24,9 +24,11 @@ user(name=xx) -belong-> group(name=xx) -access(read)-> target(graph=graph1, reso ### Configure User Authentication -By default, HugeGraph does **not enable** user authentication, and it needs to be enabled by -modifying the configuration file (Note: If used in a production environment or over the internet, -please use a **Java11** version and enable **auth-system** to avoid security risks.) +By default, HugeGraph does **not enable** user authentication, and it needs to be enabled by modifying the configuration file. + +> ⚠️ **SEC Reminder: Security of Graph Query Languages (Gremlin/Cypher)** +> +> Due to potential system security risks brought about by the flexibility of graph query languages, **please avoid exposing any query-related endpoints directly to public/external network environments**. In actual production deployments, please use the **[Authentication System](/docs/config/config-authentication/)** outlined here combined with an **IP Whitelist** as a dual-security mechanism, and we recommend enabling Audit Logs to pinpoint the exact queries executed by users. Given the [...] You need to modify the configuration file to enable this feature. HugeGraph provides built-in authentication mode: `StandardAuthenticator`. This mode supports multi-user authentication and fine-grained permission control. Additionally, developers can implement their own `HugeAuthenticator` interface to integrate with their existing authentication systems. diff --git a/content/en/docs/guides/security.md b/content/en/docs/guides/security.md index 4ce21102..2c2c0e49 100644 --- a/content/en/docs/guides/security.md +++ b/content/en/docs/guides/security.md 
@@ -6,6 +6,14 @@ weight: 7 ## Reporting New Security Problems with Apache HugeGraph +> ⚠️ **SEC Reminder: Notice to Vulnerability Researchers Regarding Graph Query Languages** +> +> Given the inherent parsing and execution flexibility of graph query languages (like Gremlin/Cypher), HugeGraph strongly recommends relying on the **"[Auth (Authentication)](/docs/config/config-authentication/) + IP Whitelist + Audit Log"** mechanism in production environments to adhere to the Principle of Least Privilege. Furthermore, since Server nodes are essentially stateless, **it is explicitly advised to use [Containerized Environments (Docker/K8s)](/docs/quickstart/hugegraph/huge [...] +> +> Recently, the community has received numerous security reports concerning the flexibility of graph queries. Until the overall HugeGraph security architecture is fully refactored, known situations involving the execution of DSL queries under the premise of **not enabling/skipping the Auth system or avoiding authorized identities** will **no longer be treated individually as new vulnerabilities**. +> +> However, if a vulnerability can still be exploited in an environment where the **Auth system is enabled** by accessing it with an **anonymous or unauthorized identity**, or if one successfully **bypasses the IP whitelist / escapes the container** causing severe unauthorized access or underlying system destruction, we still consider this a high-risk security vulnerability and highly encourage you to report it to us at any time! + Adhering to the specifications of ASF, the HugeGraph community maintains a highly proactive and open attitude towards addressing security issues in the **remediation** projects. We strongly recommend that users first report such issues to our dedicated security email list, with detailed procedures specified in the [ASF SEC](https://www.apache.org/security/committers.html) code of conduct. 
diff --git a/content/en/docs/quickstart/hugegraph/hugegraph-server.md b/content/en/docs/quickstart/hugegraph/hugegraph-server.md index 84469f08..2177930b 100644 --- a/content/en/docs/quickstart/hugegraph/hugegraph-server.md +++ b/content/en/docs/quickstart/hugegraph/hugegraph-server.md @@ -33,7 +33,7 @@ There are four ways to deploy HugeGraph-Server components: - Method 3: Source code compilation - Method 4: One-click deployment -**Note:** For production environments or environments exposed to the public network, you must use Java 11 and enable [Auth authentication](/docs/config/config-authentication/) to avoid security risks. +> ⚠️ **SEC Reminder**: Due to the high flexibility of graph query languages (like Gremlin/Cypher), exposing native query endpoints directly presents potential security risks. Therefore, **please avoid exposing any query-related endpoints directly in public network environments**. In production environments, it is imperative to enable the **[Authentication System (Auth)](/docs/config/config-authentication/)** combined with an **IP Whitelist** to establish a dual assurance mechanism, along [...] #### 3.1 Use Docker container (Convenient for Test/Dev) diff --git a/content/en/docs/quickstart/toolchain/hugegraph-hubble.md b/content/en/docs/quickstart/toolchain/hugegraph-hubble.md index 2746ea77..8d04d5e9 100644 --- a/content/en/docs/quickstart/toolchain/hugegraph-hubble.md +++ b/content/en/docs/quickstart/toolchain/hugegraph-hubble.md 
@@ -409,6 +409,8 @@ HugeGraph supports Gremlin, a graph traversal query language of Apache TinkerPop After Gremlin query, below is the graph result display area, which provides 3 kinds of graph result display modes: [Graph Mode], [Table Mode], [Json Mode]. +> ⚠️ **SEC Reminder**: Hubble allows the direct input and execution of native Gremlin query statements on the web interface, which grants users relatively high operational privileges. **Please avoid exposing the Hubble service to public network environments**. It is recommended to ensure that the graph database server has enabled the **[Authentication System (Auth)](/docs/config/config-authentication/)** combined with an **IP Whitelist** for strict permission control when in use, prevent [...] + Support zoom, center, full screen, export and other operations. 【Picture Mode】 diff --git a/content/en/docs/quickstart/toolchain/hugegraph-tools.md b/content/en/docs/quickstart/toolchain/hugegraph-tools.md index 3ebb3543..eb13706e 100644 --- a/content/en/docs/quickstart/toolchain/hugegraph-tools.md +++ b/content/en/docs/quickstart/toolchain/hugegraph-tools.md 
@@ -142,6 +142,8 @@ Another way is to set the environment variable in the bin/hugegraph script: ##### 3.5 Gremlin Type,gremlin-execute and gremlin-schedule +> ⚠️ **SEC Reminder**: The execution of Gremlin depends on the actual logic of the statements, which may involve scenarios such as large-scale data modification and high-risk system calls with potential implicit hazards. Please use this tool **only in secure and trusted network environments**. It is imperative to bind the backend graph database with the **[Authentication System (Auth)](/docs/config/config-authentication/)** and an **IP Whitelist** to restrict execution requests on the se [...] + - gremlin-execute, send Gremlin statements to HugeGraph-Server to execute query or modification operations, execute synchronously, and return results after completion - --file or -f, specify the script file to execute, UTF-8 encoding, mutually exclusive with --script - --script or -s, specifies the script string to execute, mutually exclusive with --file
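Review bot: in the gremlin.md hunk, the reminder links the Auth system but gives no pointer for the other two controls it makes mandatory, the IP whitelist and the audit log, so a reader of the REST API page cannot find from this text where either is configured. Link the whitelist and audit-log settings the same way Auth is linked (`**[Authentication System (Auth)](/docs/config/config-authentication/)**`), or, if they are meant to be enforced outside HugeGraph (reverse proxy, firewall), say so explicitly so the reader does not look for a server option that the page never names.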
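Review bot: in the config-authentication.md hunk, `**[Authentication System](/docs/config/config-authentication/)** outlined here` links to the page it sits on; drop the link and keep "outlined here", or anchor it to the configuration steps further down the page. The same hunk also deletes the previous advice to run a **Java11** build when deployed in production or over the internet (and the hugegraph-server.md hunk drops it too) without saying whether that advice is obsolete; if it still holds, keep it as one sentence next to the new reminder rather than losing it silently in a commit described as "synchronize security warnings".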
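Review bot: in the security.md hunk, the out-of-scope and in-scope paragraphs do not line up. Reports are excluded when DSL queries run "under the premise of **not enabling/skipping the Auth system or avoiding authorized identities**", yet a finding is in scope when it works "with an **anonymous or unauthorized identity**" on an Auth-enabled deployment; "avoiding authorized identities" reads as that in-scope case. If the intent is that findings which require a legitimately authenticated user are out of scope, say so directly, e.g. "or that already hold an authenticated identity", and state whether an authenticated low-privilege user escalating beyond the `access`/`target` permissions granted to it is in or out of scope, since the same paragraph invokes the Principle of Least Privilege.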
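Review bot: in the hugegraph-server.md hunk, the new reminder sits directly above `#### 3.1 Use Docker container (Convenient for Test/Dev)` and the other deployment methods, but none of them enables Auth by itself (the config-authentication.md hunk in this same patch states that user authentication is **not enabled** by default). Add one sentence saying that every method listed below starts a server with authentication off and pointing to the step where it is turned on; otherwise a reader who follows Method 1 to 4 as written ends up with exactly the exposed, unauthenticated endpoint the reminder warns about.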
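Review bot: in the hugegraph-hubble.md hunk, the controls are all placed on the server side ("ensure that the graph database server has enabled the **Authentication System (Auth)** combined with an **IP Whitelist**"), while the only guidance for Hubble itself is "avoid exposing the Hubble service to public network environments". A server whitelist that admits the Hubble host does not restrict who can reach Hubble, and whatever credential Hubble uses to reach an Auth-enabled server is the privileged path. Suggest adding that access to the Hubble UI must be restricted in its own right (network placement or a front-end login) and that the account Hubble connects with should be a least-privilege one rather than an administrator.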
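Review bot: in the hugegraph-tools.md hunk, "high-risk system calls with potential implicit hazards" is too vague to tell the reader what is being warned about. Say plainly what the surrounding list already implies: a script passed via `--file` or `--script` is sent to HugeGraph-Server and executed there as Gremlin, it is not limited to read-only traversal, and it can do whatever the server-side account running it is allowed to do. The hunk then only tells the reader to bind the server with Auth + IP whitelist; add the tool-side control as well, i.e. run `gremlin-execute` and `gremlin-schedule` under a least-privilege account, not an admin one.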
