You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@dubbo.apache.org by il...@apache.org on 2021/01/26 02:55:31 UTC

[dubbo-website] branch master updated: 拼写错误 (#714)

This is an automated email from the ASF dual-hosted git repository.

iluo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/dubbo-website.git


The following commit(s) were added to refs/heads/master by this push:
     new 6e9d289  拼写错误 (#714)
6e9d289 is described below

commit 6e9d289866980509dcd761c249b116fd3ab3bc4e
Author: ichengzi <ic...@users.noreply.github.com>
AuthorDate: Tue Jan 26 10:55:21 2021 +0800

    拼写错误 (#714)
    
    拼写错误
---
 content/zh/docs/notices/security.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/content/zh/docs/notices/security.md b/content/zh/docs/notices/security.md
index 13bdba9..3eda1c9 100755
--- a/content/zh/docs/notices/security.md
+++ b/content/zh/docs/notices/security.md
@@ -9,7 +9,7 @@ weight: 90
 
 
 ## 序列化
-Dubbo 支持序列化协议的扩展，理论上用户可以基于该扩展机制启用任意序的列化协议，这带来了极大的灵活的，但同时也要意识到其中潜藏的安全性风险。
+Dubbo 支持序列化协议的扩展，理论上用户可以基于该扩展机制启用任意的序列化协议，这带来了极大的灵活的，但同时也要意识到其中潜藏的安全性风险。
 数据反序列化是最容易被被攻击者利用的一个环节，攻击者利用它执行 RCE 攻击等窃取或破坏服务端数据，用户在切换序列化协议或实现前，
 应充分调研目标序列化协议及其框架实现的安全性保障，并提前设置相应的安全措施（如设置黑/白名单）。Dubbo 框架自身并不能保证目标序列化机制的安全性。