This is an automated email from the ASF dual-hosted git repository.

jinrongtong pushed a commit to branch new-official-website
in repository https://gitbox.apache.org/repos/asf/rocketmq-site.git


The following commit(s) were added to refs/heads/new-official-website by this push:
     new 6e8c65d044 Add security model (#733)
6e8c65d044 is described below

commit 6e8c65d044c38ac34d8d830fc59831847323938c
Author: rongtong <[email protected]>
AuthorDate: Mon Jul 7 10:46:58 2025 +0800

    Add security model (#733)
    
    * Add security model
    
    * Add security model
---
 docs/12-securityModel/01security-model.md          | 39 ++++++++++++++++++++++
 docs/12-securityModel/_category_.json              |  4 +++
 .../current/12-securityModel/01security-model.md   | 39 ++++++++++++++++++++++
 .../14-securityModel/01security-model.md           | 39 ++++++++++++++++++++++
 .../14-securityModel/01security-model.md           | 39 ++++++++++++++++++++++
 .../version-5.0/14-securityModel/_category_.json   |  4 +++
 6 files changed, 164 insertions(+)

diff --git a/docs/12-securityModel/01security-model.md 
b/docs/12-securityModel/01security-model.md
new file mode 100644
index 0000000000..1090d5a38c
--- /dev/null
+++ b/docs/12-securityModel/01security-model.md
@@ -0,0 +1,39 @@
+# 安全模型
+
+Apache RocketMQ 项目自身提供了 ACL、TLS 等安全特性,但最终的安全效果仍取决于运维人员对 **网络、主机、账户与数据** 的整体防护。
+
+## 1. 认证与授权(ACL)
+
+- 自 RocketMQ 4.4.0 起支持 ACL 1.0
+- 5.3.0 起引入安全性更高的 **ACL 2.0**
+- 5.3.3 移除了 ACL 1.0
+- 建议所有使用 Apache RocketMQ ACL 的用户迁移到 **ACL 2.0**
+
+## 2. 控制台 (Dashboard) 与可观测组件暴露
+
+RocketMQ Dashboard 及部分可观测组件(例如 RocketMQ Prometheus Exporter)默认不启用强认证,任何可访问 
HTTP 端口的用户都可读取集群元数据。强烈建议:
+
+- Dashboard 监听地址 绑定至内网或受信任 VPC
+- 在 网关 / Ingress / 反向代理 上配置 ACL / IP 白名单
+- 如需公网运维,务必叠加 VPN、HTTP Basic/OAuth 鉴权或 WAF
+
+> 否则可能导致信息泄露风险,该风险属于部署方责任而非 RocketMQ 漏洞。
+
+## 3. 传输加密与数据加密
+
+- 客户端与服务端可通过 TLS 加密通信,若数据中包含敏感信息可以开启
+- 消息体由业务定义,RocketMQ 不会解析或持久化解密后的内容
+- 若消息包含敏感信息,应在业务侧进行字段或整体加密,避免明文落盘
+
+## 4. 序列化与反序列化风险
+
+- RocketMQ 仅传输字节数组,不做对象反序列化
+- 消费端若需反序列化,应选用安全格式(如 JSON-Binding、Protobuf 等),并对不可信数据进行校验
+
+## 5. SDK 与版本管理
+
+- 始终使用官方最新稳定版客户端,以获得最新漏洞修复与改进
+
+## 6. 日志管理
+
+- 请妥善保管 RocketMQ 相关日志(包括 Broker、Namesrver、Proxy、Client等),避免敏感信息泄漏
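Review bot: "Namesrver" in section 6 (`Broker、Namesrver、Proxy、Client`) is a typo for "NameServer"; the English copy already spells it that way. In section 3, "RocketMQ 不会解析或持久化解密后的内容" ("will not parse or persist decrypted content") reads as though the broker decrypts something; the intended point is that RocketMQ stores the body exactly as received and never inspects it, so if the producer encrypts, only ciphertext reaches disk, and the bullet should say that. In section 4, "不做对象反序列化" is asserted for RocketMQ as a whole; scope it to the message body, since the following bullet is about consumers deserializing that same body. Section 2 only hardens the Dashboard/exporter HTTP ports; one sentence stating that the NameServer, Broker and Proxy listeners must likewise stay off untrusted networks with ACL 2.0 enabled would close an obvious gap in a page titled 安全模型. Finally, TLS in section 3 is merely permitted ("可以开启"); given that section 2 already warns that anyone on the network path can read cluster metadata, TLS should be recommended for any traffic crossing an untrusted network, not left optional.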
diff --git a/docs/12-securityModel/_category_.json 
b/docs/12-securityModel/_category_.json
new file mode 100644
index 0000000000..fc652b4db4
--- /dev/null
+++ b/docs/12-securityModel/_category_.json
@@ -0,0 +1,4 @@
+{
+  "label": "安全模型",
+  "position": 13
+}
\ No newline at end of file
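Review bot: `"position": 13` sits in a directory named `12-securityModel`, while the versioned copy in this same commit uses `14-securityModel` with `"position": 14`; the numeric prefix and the sidebar position normally agree, so confirm 13 is intended here. The file also ends without a trailing newline (`\ No newline at end of file`); add one.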
diff --git 
a/i18n/en/docusaurus-plugin-content-docs/current/12-securityModel/01security-model.md
 
b/i18n/en/docusaurus-plugin-content-docs/current/12-securityModel/01security-model.md
new file mode 100644
index 0000000000..e0b3b1a60c
--- /dev/null
+++ 
b/i18n/en/docusaurus-plugin-content-docs/current/12-securityModel/01security-model.md
@@ -0,0 +1,39 @@
+# Security Model
+
+The Apache RocketMQ project itself provides security features such as ACL and 
TLS, but the final security effectiveness still depends on the operator’s 
comprehensive protection of **network, hosts, accounts, and data**.
+
+## 1. Authentication and Authorization (ACL)
+
+- ACL 1.0 has been supported since RocketMQ 4.4.0
+- The more secure **ACL 2.0** was introduced in 5.3.0
+- ACL 1.0 was removed in 5.3.3
+- It is recommended that all users who use Apache RocketMQ ACL migrate to 
**ACL 2.0**
+
+## 2. Dashboard  &  Observability Exposure
+
+RocketMQ Dashboard and some observability components (such as RocketMQ 
Prometheus Exporter) do **not** enable strong authentication by default; anyone 
who can access the HTTP port can read cluster metadata. Strongly recommended:
+
+- Bind the Dashboard listening address to the intranet or a trusted VPC
+- Configure ACL / IP allow-lists on the gateway / Ingress / reverse proxy
+- If public-network operation and maintenance is required, be sure to add a 
VPN, HTTP Basic/OAuth authentication, or a WAF
+
+> Otherwise, information-leakage risks may occur; such risks are the 
responsibility of the deployment side rather than RocketMQ vulnerabilities.
+
+## 3. Transport Encryption and Data Encryption
+
+- Clients and servers can communicate through **TLS** encryption; enable it if 
sensitive data is involved
+- The message body is defined by the business; RocketMQ will **not** parse or 
persist decrypted content
+- If messages contain sensitive information, perform field-level or overall 
encryption on the business side to avoid storing plaintext
+
+## 4. Serialization and Deserialization Risks
+
+- RocketMQ only transmits byte arrays and does **not** perform object 
deserialization
+- If consumers need to deserialize, they should choose secure formats (such as 
**JSON-Binding, Protobuf** etc.) and validate untrusted data
+
+## 5. SDK and Version Management
+
+- Always use the latest official stable client to obtain the latest 
vulnerability fixes and improvements
+
+## 6. Log Management
+
+- Properly keep RocketMQ-related logs (including **Broker, NameServer, Proxy, 
Client**, etc.) to avoid leakage of sensitive information
\ No newline at end of file
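Review bot: the heading `## 2. Dashboard  &  Observability Exposure` has doubled spaces around the ampersand. In section 6, "Properly keep RocketMQ-related logs (...) to avoid leakage" should state the control, e.g. "Restrict read access to Broker, NameServer, Proxy and Client logs and redact them before sharing", since the risk named is disclosure, not loss. In section 3, "RocketMQ will **not** parse or persist decrypted content" suggests the broker decrypts something; say instead that RocketMQ stores the body exactly as received and never inspects it, so business-side encryption means only ciphertext is persisted. In section 4, "does **not** perform object deserialization" should be scoped to the message body, which is what the next bullet about consumer-side deserialization refers to. The file is missing its final newline.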
diff --git 
a/i18n/en/docusaurus-plugin-content-docs/version-5.0/14-securityModel/01security-model.md
 
b/i18n/en/docusaurus-plugin-content-docs/version-5.0/14-securityModel/01security-model.md
new file mode 100644
index 0000000000..e0b3b1a60c
--- /dev/null
+++ 
b/i18n/en/docusaurus-plugin-content-docs/version-5.0/14-securityModel/01security-model.md
@@ -0,0 +1,39 @@
+# Security Model
+
+The Apache RocketMQ project itself provides security features such as ACL and 
TLS, but the final security effectiveness still depends on the operator’s 
comprehensive protection of **network, hosts, accounts, and data**.
+
+## 1. Authentication and Authorization (ACL)
+
+- ACL 1.0 has been supported since RocketMQ 4.4.0
+- The more secure **ACL 2.0** was introduced in 5.3.0
+- ACL 1.0 was removed in 5.3.3
+- It is recommended that all users who use Apache RocketMQ ACL migrate to 
**ACL 2.0**
+
+## 2. Dashboard  &  Observability Exposure
+
+RocketMQ Dashboard and some observability components (such as RocketMQ 
Prometheus Exporter) do **not** enable strong authentication by default; anyone 
who can access the HTTP port can read cluster metadata. Strongly recommended:
+
+- Bind the Dashboard listening address to the intranet or a trusted VPC
+- Configure ACL / IP allow-lists on the gateway / Ingress / reverse proxy
+- If public-network operation and maintenance is required, be sure to add a 
VPN, HTTP Basic/OAuth authentication, or a WAF
+
+> Otherwise, information-leakage risks may occur; such risks are the 
responsibility of the deployment side rather than RocketMQ vulnerabilities.
+
+## 3. Transport Encryption and Data Encryption
+
+- Clients and servers can communicate through **TLS** encryption; enable it if 
sensitive data is involved
+- The message body is defined by the business; RocketMQ will **not** parse or 
persist decrypted content
+- If messages contain sensitive information, perform field-level or overall 
encryption on the business side to avoid storing plaintext
+
+## 4. Serialization and Deserialization Risks
+
+- RocketMQ only transmits byte arrays and does **not** perform object 
deserialization
+- If consumers need to deserialize, they should choose secure formats (such as 
**JSON-Binding, Protobuf** etc.) and validate untrusted data
+
+## 5. SDK and Version Management
+
+- Always use the latest official stable client to obtain the latest 
vulnerability fixes and improvements
+
+## 6. Log Management
+
+- Properly keep RocketMQ-related logs (including **Broker, NameServer, Proxy, 
Client**, etc.) to avoid leakage of sensitive information
\ No newline at end of file
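Review bot: this file is byte-identical to `i18n/en/.../current/12-securityModel/01security-model.md` (same blob `e0b3b1a60c`), so it carries the same issues: doubled spaces in the `Dashboard  &  Observability` heading, the vague "Properly keep RocketMQ-related logs" bullet that should name the control (restrict read access, redact before sharing), the "will not parse or persist decrypted content" wording that should say the body is stored as received and never inspected, the over-broad "does not perform object deserialization" that should be scoped to the message body, and the missing final newline. Whatever is corrected in the `current` copy must be mirrored here, or the two English versions will drift.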
diff --git a/versioned_docs/version-5.0/14-securityModel/01security-model.md 
b/versioned_docs/version-5.0/14-securityModel/01security-model.md
new file mode 100644
index 0000000000..1090d5a38c
--- /dev/null
+++ b/versioned_docs/version-5.0/14-securityModel/01security-model.md
@@ -0,0 +1,39 @@
+# 安全模型
+
+Apache RocketMQ 项目自身提供了 ACL、TLS 等安全特性,但最终的安全效果仍取决于运维人员对 **网络、主机、账户与数据** 的整体防护。
+
+## 1. 认证与授权(ACL)
+
+- 自 RocketMQ 4.4.0 起支持 ACL 1.0
+- 5.3.0 起引入安全性更高的 **ACL 2.0**
+- 5.3.3 移除了 ACL 1.0
+- 建议所有使用 Apache RocketMQ ACL 的用户迁移到 **ACL 2.0**
+
+## 2. 控制台 (Dashboard) 与可观测组件暴露
+
+RocketMQ Dashboard 及部分可观测组件(例如 RocketMQ Prometheus Exporter)默认不启用强认证,任何可访问 
HTTP 端口的用户都可读取集群元数据。强烈建议:
+
+- Dashboard 监听地址 绑定至内网或受信任 VPC
+- 在 网关 / Ingress / 反向代理 上配置 ACL / IP 白名单
+- 如需公网运维,务必叠加 VPN、HTTP Basic/OAuth 鉴权或 WAF
+
+> 否则可能导致信息泄露风险,该风险属于部署方责任而非 RocketMQ 漏洞。
+
+## 3. 传输加密与数据加密
+
+- 客户端与服务端可通过 TLS 加密通信,若数据中包含敏感信息可以开启
+- 消息体由业务定义,RocketMQ 不会解析或持久化解密后的内容
+- 若消息包含敏感信息,应在业务侧进行字段或整体加密,避免明文落盘
+
+## 4. 序列化与反序列化风险
+
+- RocketMQ 仅传输字节数组,不做对象反序列化
+- 消费端若需反序列化,应选用安全格式(如 JSON-Binding、Protobuf 等),并对不可信数据进行校验
+
+## 5. SDK 与版本管理
+
+- 始终使用官方最新稳定版客户端,以获得最新漏洞修复与改进
+
+## 6. 日志管理
+
+- 请妥善保管 RocketMQ 相关日志(包括 Broker、Namesrver、Proxy、Client等),避免敏感信息泄漏
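Review bot: identical to `docs/12-securityModel/01security-model.md` (same blob `1090d5a38c`), so the same corrections apply here: "Namesrver" in section 6 should be "NameServer"; the section 3 bullet "不会解析或持久化解密后的内容" should say the body is stored exactly as received and never inspected, so only ciphertext is persisted when the producer encrypts; and "不做对象反序列化" in section 4 should be scoped to the message body. Keep the versioned and unversioned Chinese copies in sync when these are fixed.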
diff --git a/versioned_docs/version-5.0/14-securityModel/_category_.json 
b/versioned_docs/version-5.0/14-securityModel/_category_.json
new file mode 100644
index 0000000000..a23a247f9b
--- /dev/null
+++ b/versioned_docs/version-5.0/14-securityModel/_category_.json
@@ -0,0 +1,4 @@
+{
+  "label": "安全模型",
+  "position": 14
+}
\ No newline at end of file
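Review bot: missing trailing newline (`\ No newline at end of file`). `"position": 14` matches the `14-securityModel` folder prefix here, but the unversioned `12-securityModel/_category_.json` in this commit uses 13; if the sidebar ordering is meant to be the same in both doc sets, one of the two values is wrong.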
