Add better security warning to docs about the content-type change

2021-04-14 16:36:40 -04:00 · 2021-04-14 16:36:40 -04:00 · debbf4a604
parent 992bf13166
commit debbf4a604
1 changed files with 4 additions and 0 deletions
--- a/website/content/api-docs/kv.mdx
+++ b/website/content/api-docs/kv.mdx
@ -145,6 +145,10 @@ is instead `text/plain`.
 (Yes, that is intentionally a bunch of gibberish characters to showcase the
 response)

+!> **Warning:** Consul versions before 1.9.5, 1.8.10 and 1.7.14 detected the content-type
+of the raw KV data which could be used for cross-site scripting (XSS) attacks. This is 
+identified publicly as CVE-2020-25864.
+
 ## Create/Update Key

 This endpoint updates the value of the specified key. If no key exists at the given