This is an automated email from the ASF dual-hosted git repository. martijnvisser pushed a commit to branch release-1.15 in repository https://gitbox.apache.org/repos/asf/flink.git
The following commit(s) were added to refs/heads/release-1.15 by this push: new 3e6a1aab071 [hotfix] Add missing release note on binding to localhost by default since Flink 1.15 3e6a1aab071 is described below commit 3e6a1aab0712acec3e9fcc955a28f2598f019377 Author: Martijn Visser <mvis...@confluent.io> AuthorDate: Mon Jul 3 16:38:39 2023 +0200 [hotfix] Add missing release note on binding to localhost by default since Flink 1.15 --- docs/content/release-notes/flink-1.15.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/content/release-notes/flink-1.15.md b/docs/content/release-notes/flink-1.15.md index 5edbb808115..f0eca2087e5 100644 --- a/docs/content/release-notes/flink-1.15.md +++ b/docs/content/release-notes/flink-1.15.md @@ -603,3 +603,18 @@ By default Flink now uses a Zookeeper 3.5 client. ##### [FLINK-24765](https://issues.apache.org/jira/browse/FLINK-24765) Kafka connector uses Kafka client 2.8.1 by default now. + +## Bind to localhost by default + +For security purposes, standalone clusters now bind the REST API and RPC endpoints to +localhost by default. The goal is to prevent cases where users unknowingly exposed the cluster to +the outside, as they would previously bind to all interfaces. + +This can be reverted by removing the: + +* `rest.bind-address` +* `jobmanager.bind-host` +* `taskmanager.bind-host` +settings from the flink-conf.yaml . + +Note that within Docker containers, the REST API still binds to 0.0.0.0.