luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

Add better security warning to docs about the content-type change

This commit is contained in:
Kent 'picat' Gruber 2021-04-14 16:36:40 -04:00
parent 992bf13166
commit debbf4a604
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
website/content/api-docs/kv.mdx
View File

@ -145,6 +145,10 @@ is instead `text/plain`.
(Yes, that is intentionally a bunch of gibberish characters to showcase the (Yes, that is intentionally a bunch of gibberish characters to showcase the
response) response)
!> **Warning:** Consul versions before 1.9.5, 1.8.10 and 1.7.14 detected the content-type
of the raw KV data which could be used for cross-site scripting (XSS) attacks. This is
identified publicly as CVE-2020-25864.
## Create/Update Key ## Create/Update Key
This endpoint updates the value of the specified key. If no key exists at the given This endpoint updates the value of the specified key. If no key exists at the given