huh, I sure seem to be needing to debug this a lot, I guess I'll just leave it turned on all the time, that way I can save a few seconds next time. Larry Wall says one of the virtues of being a great developer is laziness!
Based on [1] it seems like one `management.endpoints.web.exposure.include=*` is enough to expose everything including the heapdump endpoint on the public HTTP API without authentication. It's even there in the docs as an example.
Looks like there is a change [2] coming to the `management.endpoint.heapdump.access` default value that would make this harder to expose by accident.
bryanrasmussen|9 months ago
szundi|9 months ago
[deleted]
terom|9 months ago
Let's look for `env` next...
[1] https://docs.spring.io/spring-boot/reference/actuator/endpoi...
[2] https://github.com/spring-projects/spring-boot/pull/45624
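A configuration check for the exposure discussed in this thread, added here as an illustration and not written by any commenter or by the Spring Boot project. It reads `application.properties` text and reports whether `heapdump` or `env` ends up reachable over the web endpoints. Assumptions: the function names, the sample files and the `defaults` map are hypothetical; the per-endpoint default access depends on the Spring Boot version, so it is passed in; whether the endpoints also require authentication is not checked.

```python
SENSITIVE = ("heapdump", "env")  # the two endpoints named in the thread

INCLUDE = "management.endpoints.web.exposure.include"
EXCLUDE = "management.endpoints.web.exposure.exclude"

def parse_properties(text):
    """Minimal key=value parser for .properties text (no line continuations)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def _csv(props, key, default=""):
    return {v.strip().lower() for v in props.get(key, default).split(",") if v.strip()}

def exposed_sensitive(text, defaults=None):
    """Return the sensitive endpoints that are web-exposed and not access=none."""
    # Assumed version-dependent defaults when management.endpoint.<id>.access is unset.
    defaults = defaults or {"heapdump": "unrestricted", "env": "unrestricted"}
    props = parse_properties(text)
    include = _csv(props, INCLUDE, "health")  # only health is web-exposed by default
    exclude = _csv(props, EXCLUDE)
    findings = []
    for ep in SENSITIVE:
        on_web = ("*" in include or ep in include) and not ("*" in exclude or ep in exclude)
        access = props.get(f"management.endpoint.{ep}.access", defaults[ep]).lower()
        if on_web and access != "none":
            findings.append(ep)
    return findings

# Constructed sample configurations.
WILDCARD = "management.endpoints.web.exposure.include=*\n"
HARDENED = (
    "# wildcard kept, sensitive endpoints switched off\n"
    "management.endpoints.web.exposure.include=*\n"
    "management.endpoints.web.exposure.exclude=env\n"
    "management.endpoint.heapdump.access=none\n"
)

if __name__ == "__main__":
    for name, cfg in (("wildcard", WILDCARD), ("hardened", HARDENED)):
        print(name, exposed_sensitive(cfg))
```
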