SECURITY: Disable MessageBus::Diagnostics.

MessageBus::Diagnostics allows anyone with access to carry out certain operations that may result in a denial of service. The impact of this is greater on multisiite clusters.
2025-01-19 16:02:45 +08:00 · 2021-12-17 14:24:32 +08:00 · 2021-12-17 14:24:32 +08:00 · 7a8ec129fb
commit 7a8ec129fb
parent 30bc65af70
1 changed files with 0 additions and 1 deletions
--- a/config/initializers/004-message_bus.rb
+++ b/config/initializers/004-message_bus.rb
@ -120,7 +120,6 @@ MessageBus.reliable_pub_sub.max_backlog_size = GlobalSetting.message_bus_max_bac
 MessageBus.long_polling_enabled = SiteSetting.enable_long_polling
 MessageBus.long_polling_interval = SiteSetting.long_polling_interval
 MessageBus.cache_assets = !Rails.env.development?
-MessageBus.enable_diagnostics

 if Rails.env == "test" || $0 =~ /rake$/
  # disable keepalive in testing