[jira] [Commented] (FLINK-20959) How to close Apache Flink REST API
[ https://issues.apache.org/jira/browse/FLINK-20959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17265826#comment-17265826 ] Robert Metzger commented on FLINK-20959: I believe Chesnay posted the wrong Jira ID. I guess he meant: https://issues.apache.org/jira/browse/FLINK-20875 What we generally recommend users is securing access to the REST API: restrict who can access the REST API. Not everyone in a company should be allowed accessing the REST API. You could for example run Flink in a cluster that is in a (virtual) private network, where only a few people have access. Or you set up a firewall restricting access to Flink ports. If you need to control who can access Flink, you can run Flink's REST API behind a reverse proxy (for example nginx). > How to close Apache Flink REST API > -- > > Key: FLINK-20959 > URL: https://issues.apache.org/jira/browse/FLINK-20959 > Project: Flink > Issue Type: Bug > Components: Runtime / REST >Affects Versions: 1.10.2 >Reporter: wuchangwen >Priority: Major > Fix For: 1.10.2 > > > Apache Flink 1.10.2 has CVE-2020-17518 vulnerability in the REST API. Now > that I want to turn off the REST API service, how should I set up the > configuration file? -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FLINK-20959) How to close Apache Flink REST API
[ https://issues.apache.org/jira/browse/FLINK-20959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17264078#comment-17264078 ] Chesnay Schepler commented on FLINK-20959: -- In that case, please have a look at FLINK-20959; that ticket is about back-porting the fix to 1.10, and is currently under discussion on the mailing list. > How to close Apache Flink REST API > -- > > Key: FLINK-20959 > URL: https://issues.apache.org/jira/browse/FLINK-20959 > Project: Flink > Issue Type: Bug > Components: Runtime / REST >Affects Versions: 1.10.2 >Reporter: wuchangwen >Priority: Major > Fix For: 1.10.2 > > > Apache Flink 1.10.2 has CVE-2020-17518 vulnerability in the REST API. Now > that I want to turn off the REST API service, how should I set up the > configuration file? -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FLINK-20959) How to close Apache Flink REST API
[ https://issues.apache.org/jira/browse/FLINK-20959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17264074#comment-17264074 ] wuchangwen commented on FLINK-20959: We can't turn off the REST API,we should to deal with the CVE-2020-17518 vulnerability on Apache Flink 1.10.2 > How to close Apache Flink REST API > -- > > Key: FLINK-20959 > URL: https://issues.apache.org/jira/browse/FLINK-20959 > Project: Flink > Issue Type: Bug > Components: Runtime / REST >Affects Versions: 1.10.2 >Reporter: wuchangwen >Priority: Major > Fix For: 1.10.2 > > > Apache Flink 1.10.2 has CVE-2020-17518 vulnerability in the REST API. Now > that I want to turn off the REST API service, how should I set up the > configuration file? -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FLINK-20959) How to close Apache Flink REST API
[ https://issues.apache.org/jira/browse/FLINK-20959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17264063#comment-17264063 ] Chesnay Schepler commented on FLINK-20959: -- You can't turn of the REST API. > How to close Apache Flink REST API > -- > > Key: FLINK-20959 > URL: https://issues.apache.org/jira/browse/FLINK-20959 > Project: Flink > Issue Type: Bug > Components: Runtime / REST >Affects Versions: 1.10.2 >Reporter: wuchangwen >Priority: Major > Fix For: 1.10.2 > > > Apache Flink 1.10.2 has CVE-2020-17518 vulnerability in the REST API. Now > that I want to turn off the REST API service, how should I set up the > configuration file? -- This message was sent by Atlassian Jira (v8.3.4#803005)
