Note:
This topic has been translated from a Chinese forum by GPT and might contain errors.
Original topic: Swagger 高危漏洞问题 (Swagger high-risk vulnerability issue)
The online security test detected a high-risk vulnerability in Swagger. How can this be resolved?
Could you please inform me of the location of the swagger/index.html file? Manually deleting it should resolve the issue.
Is the high-risk vulnerability bug in Swagger located in the PD interface of the TiDB cluster? It is recommended to avoid database vulnerabilities. You can close some unnecessary ports, and generally, fixing it involves upgrading to a new version.
The machine running PD uses port 2379. If the port is closed, it will affect access, right? Can swagger be deleted? Just delete that HTML file.
Isn’t Swagger disabled by default in versions after 5.3.2?
I upgraded from 4.0, how do I disable it?
It seems that you need to add the parameter SWAGGER=1 when building. I haven’t tried disabling it once it’s enabled, but I haven’t enabled it on my side.
Where do you add parameters during the upgrade?
Just close the port, right?
I looked at it again. Do we need to manually add this parameter when compiling PD? There is indeed no place to specify this parameter when upgrading the entire cluster.
You can add a firewall to 2379 to block vulnerability scans.
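To tie the two suggestions in this thread together (the SWAGGER=1 build option and the firewall on 2379), here is an added shell example, not code from the TiDB/PD project or from any poster. It assumes the PD client URL listens on port 2379, that the Swagger UI, when compiled in, is served under the /swagger/ path that holds the swagger/index.html mentioned above, and that curl and iptables are available. It checks whether the UI is actually exposed on a given PD address, then prints (but does not apply) rules that keep 2379 reachable only from the cluster's own subnets.

```shell
#!/bin/sh
# Added example for this thread, not code from the TiDB/PD project.
# Assumptions: the PD client URL is on port 2379 and the Swagger UI,
# when compiled in with SWAGGER=1, is served under /swagger/ (the path
# containing the swagger/index.html mentioned in the thread).

# Probe the Swagger UI path on one PD address; prints the HTTP status
# code, or 000 when the endpoint cannot be reached at all.
swagger_http_status() {
  code=$(curl -s -o /dev/null -w '%{http_code}' --max-time 5 "$1/swagger/" 2>/dev/null || true)
  echo "${code:-000}"
}

# Turn a status code into a verdict that a scan report can be compared against.
swagger_verdict() {
  case "$1" in
    200) echo exposed ;;          # UI served: swagger was compiled into this PD
    404) echo disabled ;;         # PD answers, but has no swagger handler
    000) echo unreachable ;;      # port closed, filtered, or wrong address
    *)   echo "unexpected:$1" ;;
  esac
}

# Emit iptables rules that keep 2379 reachable only from the given peer CIDRs
# (TiDB/TiKV/PD nodes, monitoring hosts) and drop everyone else.
# Rules are printed, not applied, so they can be reviewed first.
pd_port_rules() {
  for cidr in "$@"; do
    printf 'iptables -A INPUT -p tcp --dport 2379 -s %s -j ACCEPT\n' "$cidr"
  done
  printf 'iptables -A INPUT -p tcp --dport 2379 -j DROP\n'
}

# Usage: sh pd_swagger_check.sh http://pd-host:2379 10.0.1.0/24 [more CIDRs]
if [ "$#" -gt 0 ]; then
  pd_url=$1
  shift
  status=$(swagger_http_status "$pd_url")
  echo "$pd_url /swagger/ -> HTTP $status ($(swagger_verdict "$status"))"
  if [ "$#" -gt 0 ]; then
    echo "Suggested rules to restrict 2379:"
    pd_port_rules "$@"
  fi
fi
```

The verdict is what to compare with the scanner's finding: a 404 means the running PD binary was built without swagger and the scanner's "high-risk" item is a false positive for that endpoint, while a 200 means the UI is really reachable and either a rebuild without SWAGGER=1 or the network restriction is needed. The trailing DROP assumes no earlier catch-all ACCEPT in the INPUT chain, and the peer port 2380 is deliberately left alone.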
Your research is really in-depth. May I ask a simple question: what is the purpose of the swagger server?
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.