Linuxeden开源社区
该版本移除了默认鉴权插件中依赖的nacos.core.auth.plugin.nacos.token.secret.key默认值,在部署新版本时必须要输入自定义的有效token.secret.key 用于登陆后的accessToken生成。
本变更避免开源用户直接使用默认配置时出现的安全风险,提升了开源组件使用的安全性。
旧版本不是必须升级到这个版本, 只需要根据文档修改对应token.secret.key即可修复问题。
变更详情:
- [#9992] Remove the default token.secret.key.
This version removes nacos.core.auth.plugin.nacos.token.secret.key which is dependent on the default authentication plugin. When deploying with new version, users must set the custom valid token.secret.key to generate accessToken for login.
This change is to avoid security risks when users directly use the default configuration, and improve the security during using this component.
The old version does not have to be upgraded to this version, just modify the token.secret.key according to documentation to repair problem.
Detail:
- [#9992] Remove the default token.secret.key.