ShiningRush opened a new pull request #2802:
URL: https://github.com/apache/apisix/pull/2802


Recently, we had a serious security vulnerability caused by `adminapi`.
I synchronize the scenarios here:
- Some external business team forgot to modify the admin port and key after debugging (the IP whitelist was removed), so that anyone could access the `adminapi`
- Some people used the default admin key to scan `adminapi` and found the command execution vulnerability; they reported it to our company's security platform

Here I think there are two points we can optimize:
- the default configuration should separate the proxy and admin port
- `adminapi` command execution vulnerability. I will push a PR to apisix after I reproduce and fix the vulnerability
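The two misconfigurations the PR describes (default admin key left in place, admin API reachable on the shared proxy port with no IP allow-list) can be caught before deployment by linting `config.yaml`. The following checker is an added example written for this page, not code from the PR or from the APISIX project. It assumes the `apisix.admin_key`, `apisix.allow_admin`, `apisix.node_listen` and `apisix.port_admin` keys as they appear in the APISIX `config-default.yaml` of that era, and that `DEFAULT_ADMIN_KEY` matches the value shipped there (verify against your own copy). The YAML is represented as an already-parsed dict so the script runs without extra dependencies; both sample configurations are constructed for illustration.

```python
"""Lint a parsed APISIX config.yaml for the admin-API exposure pattern from the PR.

Assumptions (not taken from the page): key names follow APISIX config-default.yaml
of the 2.x line, and the parsed YAML is handed in as a plain dict.
"""

# Value shipped in config-default.yaml at the time (assumption: verify locally).
DEFAULT_ADMIN_KEY = "edd1c9f034335f136f87ad84b625c8f1"
ANY_ADDRESS = ("0.0.0.0/0", "::/0")


def audit_admin_api(cfg: dict) -> list:
    """Return a list of human-readable findings; an empty list means no issue found."""
    apisix = cfg.get("apisix", {})
    findings = []

    # If the admin API is disabled on this node there is nothing to expose.
    if not apisix.get("enable_admin", True):
        return findings

    # 1. Default or empty admin keys: anyone who has read the upstream repo can use them.
    for entry in apisix.get("admin_key", []):
        name = entry.get("name", "<unnamed>")
        if not entry.get("key"):
            findings.append(f"admin_key '{name}' has an empty key")
        elif entry.get("key") == DEFAULT_ADMIN_KEY:
            findings.append(f"admin_key '{name}' uses the shipped default key")

    # 2. No IP allow-list, or an allow-list that admits every address.
    allow = apisix.get("allow_admin") or []
    if not allow:
        findings.append("allow_admin is empty: no IP restriction on /apisix/admin")
    elif any(cidr in ANY_ADDRESS for cidr in allow):
        findings.append("allow_admin contains a catch-all CIDR")

    # 3. Admin API served on the same port as the proxy (the PR's first point).
    proxy_port = apisix.get("node_listen")
    admin_port = apisix.get("port_admin")
    if admin_port is None or admin_port == proxy_port:
        findings.append("admin API shares the proxy port; set port_admin to a dedicated port")

    return findings


# Constructed sample: the debug-time configuration from the PR's first scenario.
WEAK_CONFIG = {
    "apisix": {
        "node_listen": 9080,
        "enable_admin": True,
        "allow_admin": [],
        "admin_key": [{"name": "admin", "key": DEFAULT_ADMIN_KEY, "role": "admin"}],
    }
}

# Constructed sample: same node after applying the mitigations.
HARDENED_CONFIG = {
    "apisix": {
        "node_listen": 9080,
        "port_admin": 9180,
        "enable_admin": True,
        "allow_admin": ["127.0.0.0/24"],
        "admin_key": [{"name": "admin", "key": "replace-with-a-random-secret", "role": "admin"}],
    }
}


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_admin_api(cfg) or ["no findings"])
```

Running the script prints three findings for the weak configuration and none for the hardened one. In a real pipeline, load `config.yaml` with a YAML parser and fail the deployment when `audit_admin_api` returns anything.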


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

