This is an automated email from the ASF dual-hosted git repository.
martijnvisser pushed a commit to branch release-1.16
in repository https://gitbox.apache.org/repos/asf/flink.git
The following commit(s) were added to refs/heads/release-1.16 by this push:
new 85e11f7a34f [hotfix] Add missing release note on binding to localhost
by default since Flink 1.15
85e11f7a34f is described below
commit 85e11f7a34fc3b406f464e68763d55bede320427
Author: Martijn Visser <mvis...@confluent.io>
AuthorDate: Mon Jul 3 16:38:39 2023 +0200
[hotfix] Add missing release note on binding to localhost by default since
Flink 1.15
---
docs/content/release-notes/flink-1.15.md | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/docs/content/release-notes/flink-1.15.md
b/docs/content/release-notes/flink-1.15.md
index 5edbb808115..f0eca2087e5 100644
--- a/docs/content/release-notes/flink-1.15.md
+++ b/docs/content/release-notes/flink-1.15.md
@@ -603,3 +603,18 @@ By default Flink now uses a Zookeeper 3.5 client.
##### [FLINK-24765](https://issues.apache.org/jira/browse/FLINK-24765)
Kafka connector uses Kafka client 2.8.1 by default now.
+
+## Bind to localhost by default
+
+For security purposes, standalone clusters now bind the REST API and RPC
endpoints to
+localhost by default. The goal is to prevent cases where users unknowingly
exposed the cluster to
+the outside, as they would previously bind to all interfaces.
+
+This can be reverted by removing the:
+
+* `rest.bind-address`
+* `jobmanager.bind-host`
+* `taskmanager.bind-host`
+settings from the flink-conf.yaml .
+
+Note that within Docker containers, the REST API still binds to 0.0.0.0.
