Merge pull request #30065 from cmabdullah

* gh-30065: Polish "Clarify actuator security documentation" Clarify actuator security documentation Closes gh-30065
3 years ago · 52c49cc4ea
parent fd3248b629 c872539dea
commit 52c49cc4ea
1 changed files with 2 additions and 2 deletions
--- a/spring-boot-project/spring-boot-docs/src/docs/asciidoc/actuator/endpoints.adoc
+++ b/spring-boot-project/spring-boot-docs/src/docs/asciidoc/actuator/endpoints.adoc
@ -316,8 +316,8 @@ TIP: If you want to implement your own strategy for when endpoints are exposed,

 [[actuator.endpoints.security]]
 === Security
-For security purposes, all actuators other than `/health` are disabled by default.
-You can use the configprop:management.endpoints.web.exposure.include[] property to enable the actuators.
+For security purposes, only the `/health` endpoint is exposed over HTTP by default.
+You can use the configprop:management.endpoints.web.exposure.include[] property to configure the endpoints that are exposed.

 NOTE: Before setting the `management.endpoints.web.exposure.include`, ensure that the exposed actuators do not contain sensitive information, are secured by placing them behind a firewall, or are secured by something like Spring Security.