Skip to content

ZOOKEEPER-5050. Disable AdminServer and enhance documentation to highlight security considerations#2389

Merged
anmolnar merged 4 commits into
apache:masterfrom
anmolnar:ZOOKEEPER-5050
Jun 22, 2026
Merged

ZOOKEEPER-5050. Disable AdminServer and enhance documentation to highlight security considerations#2389
anmolnar merged 4 commits into
apache:masterfrom
anmolnar:ZOOKEEPER-5050

Conversation

@anmolnar

Copy link
Copy Markdown
Contributor

No description provided.

Comment thread zookeeper-docs/src/main/resources/markdown/zookeeperAdmin.md Outdated

#### Default Security Posture

The default AdminServer configuration is intended for ease of use in trusted environments, but it is **not secure for

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

shouldn't we err on the side of security instead? (see prev line comment)

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what do you mean by that?

Comment thread zookeeper-docs/src/main/resources/markdown/zookeeperAdmin.md Outdated
@phunt

phunt commented May 19, 2026

Copy link
Copy Markdown
Contributor

It's not clear to me (and I don't see here nor in the references JIRA) why we wouldn't just flip this and disable by default, include the excellent new docs you've added, and put the burden on the user to ensure the requisite security enforcement prior to enabling/overriding? I think this would be fine and "backward compatible" given the user can make a change via config at runtime - we could include such details in the release notes.

@anmolnar

Copy link
Copy Markdown
Contributor Author

@eolivelli PTAL.

@anmolnar anmolnar changed the title ZOOKEEPER-5050. Enhance documentation of AdminServer to highlight security considerations ZOOKEEPER-5050. Disable AdminServer and enhance documentation to highlight security considerations Jun 18, 2026
@anmolnar

Copy link
Copy Markdown
Contributor Author

@phunt @eolivelli I've updated the ticket and the patch to disable Admin Server in the default configuration. Also modified the docs accordingly. PTAL.

@eolivelli eolivelli left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

for the next major release we should disable this by default

let's ensure that we document the default behavior on each version

@anmolnar

Copy link
Copy Markdown
Contributor Author

Thanks @eolivelli !

I think we can leave the default setting enabled on other branches and backport this patch without the code change.

@phunt phunt left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm - +1. Having this off by default with clear documentation on how to enable safely is great to see. Thanks Andor.

@anmolnar

Copy link
Copy Markdown
Contributor Author

Thank you guys for the reviews. If I got it right, we should not make Admin Server disabled by default on branches other than the master. Which means I need to carefully backport this patch with the text "reversed" and referring to the enabled behavior.

@anmolnar anmolnar merged commit 981a2fd into apache:master Jun 22, 2026
17 checks passed
@anmolnar anmolnar deleted the ZOOKEEPER-5050 branch June 22, 2026 22:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants