
Make heapdump endpoint restricted by default #45624

lhotari
Contributor

@lhotari lhotari commented May 20, 2025

In Spring Boot, all actuator endpoints other than shutdown are "unrestricted" by default.
For misconfigured Spring Boot applications, it would improve security when the heapdump actuator endpoint is restricted by default.
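
A configuration check for the situation described above, as an added example that is not part of this pull request or of Spring Boot's own code. It assumes Spring Boot's `management.endpoints.web.exposure.*` and `management.endpoint.<id>.access` properties in `.properties` form; the function names, the `restricted_by_default` flag (supplied by the caller, true when the Boot version in use includes this change) and the sample configurations are hypothetical. It looks only at actuator-level exposure and access, not at any authentication placed in front of the endpoint.

```python
# Added example: audits Spring Boot properties text for a reachable heapdump endpoint.

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def _ids(props, key, default=""):
    """Split a comma-separated endpoint id list into a set."""
    return {v.strip() for v in props.get(key, default).split(",") if v.strip()}

def heapdump_reachable(text, restricted_by_default):
    """True if heapdump is exposed over HTTP and its access level is not 'none'."""
    props = parse_properties(text)
    # Web exposure defaults to the health endpoint only.
    include = _ids(props, "management.endpoints.web.exposure.include", "health")
    exclude = _ids(props, "management.endpoints.web.exposure.exclude")
    exposed = ("*" in include or "heapdump" in include) and not (
        "*" in exclude or "heapdump" in exclude)
    # Resolution order: endpoint-specific access, global default, version default.
    access = props.get("management.endpoint.heapdump.access")
    if access is None:
        access = props.get("management.endpoints.access.default")
    if access is None:
        # Assumption passed in by the caller, not detected from the config.
        access = "none" if restricted_by_default else "unrestricted"
    return exposed and access.lower().replace("_", "-") != "none"

# Constructed sample configurations.
WILDCARD = "management.endpoints.web.exposure.include=*\n"
HARDENED = WILDCARD + "management.endpoint.heapdump.access=none\n"
OPT_IN = ("management.endpoints.web.exposure.include=health,heapdump\n"
          "management.endpoint.heapdump.access=unrestricted\n")

if __name__ == "__main__":
    for name, cfg in [("wildcard", WILDCARD), ("hardened", HARDENED), ("opt-in", OPT_IN)]:
        for restricted in (False, True):
            print(name, "restricted_by_default=%s" % restricted,
                  "reachable=%s" % heapdump_reachable(cfg, restricted))
```

The wildcard configuration is the one whose result depends on the version default; an explicit `access` setting gives the same answer either way.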

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label May 20, 2025
@lhotari lhotari force-pushed the lh-heapdump-restricted-by-default branch 2 times, most recently from 4b39d34 to 3fd238d Compare May 20, 2025 15:48
Signed-off-by: Lari Hotari <lhotari@users.noreply.github.com>
@lhotari lhotari force-pushed the lh-heapdump-restricted-by-default branch from 3fd238d to 61eccee Compare May 20, 2025 16:06
@philwebb philwebb added type: enhancement A general enhancement status: noteworthy A noteworthy issue to call out in the release notes and removed status: waiting-for-triage An issue we've not yet triaged labels May 20, 2025
@philwebb philwebb added this to the 3.5.x milestone May 20, 2025
@philwebb
Member

Thanks! Very timely given we were just discussing your post about this :)

philwebb pushed a commit that referenced this pull request May 21, 2025
See gh-45624

Signed-off-by: Lari Hotari <lhotari@users.noreply.github.com>
@philwebb philwebb closed this in b267293 May 21, 2025
@philwebb philwebb modified the milestones: 3.5.x, 3.5.0 May 21, 2025
@philwebb
Member

Thanks very much @lhotari !

Labels
status: noteworthy A noteworthy issue to call out in the release notes type: enhancement A general enhancement