Add better security warning to docs about the content-type change

This commit is contained in:
Kent 'picat' Gruber 2021-04-14 16:36:40 -04:00
parent 992bf13166
commit debbf4a604
1 changed files with 4 additions and 0 deletions

View File

@ -145,6 +145,10 @@ is instead `text/plain`.
(Yes, that is intentionally a bunch of gibberish characters to showcase the
response)
!> **Warning:** Consul versions before 1.9.5, 1.8.10 and 1.7.14 detected the content-type
of the raw KV data which could be used for cross-site scripting (XSS) attacks. This is
identified publicly as CVE-2020-25864.
## Create/Update Key
This endpoint updates the value of the specified key. If no key exists at the given