Agreed to backport the fix. For users using APISIX in prod environment, It will be a long day to upgrade both APISIX and APISIX dashboard.
> On 29 Dec 2021, at 5:16 PM, Zhiyuan Ju <juzhiy...@apache.org> wrote: > > I also support back port this fix to previous Dashboard, or provide a quick > way for users to disable those 2 Unauthorized APIs > > Baoyuan <baoyuan....@gmail.com>于2021年12月29日 周三下午4:35写道: > >> Hi Community, when APISIX Dashboard users try to fix CVE-2021-45232, they >> need to upgrade Dashboard to version 2.10.1. >> >> Due to the Dashboard version needing to correspond to APISIX, users will >> also need to consider upgrading APISIX, which may cause inconvenience to >> users. >> >> Are we considering backporting the fixed code for this vulnerability to the >> previous affected version? What do you think? >> > -- > 来自 琚致远
