From 3220db4832492146ab00fc072884fddd13056341 Mon Sep 17 00:00:00 2001
From: Lei Zhang <zhanglei@apache.org>
Date: Wed, 13 Mar 2024 13:20:28 +0800
Subject: [PATCH] Disable insecure spring boot actuator endpoints by default.

Spring Boot Actuator only exposes the /actuator/health /actuator/info endpoint by default
---
 alpha/alpha-server/src/main/resources/application.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/alpha/alpha-server/src/main/resources/application.yaml b/alpha/alpha-server/src/main/resources/application.yaml
index 59ed23f8c..3cb99aa70 100644
--- a/alpha/alpha-server/src/main/resources/application.yaml
+++ b/alpha/alpha-server/src/main/resources/application.yaml
@@ -140,7 +140,7 @@ management:
   endpoints:
     web:
       exposure:
-        include: "*"
+        include: "health,info"
   health:
     redis:
       enabled: false