CVE-2014-4210 SSRF 控制台弱⼝令,部署webshell Jboss CVE-2015-7501 CVE-2017-7504 CVE-2017-12149 未授权访问,部署webshell 控制台弱⼝令,部署webshell wildfly [jboss 7.x 改名为 wildfly] 控制台弱⼝令,部署webshell Tomcat CVE-2016-8735 CVE-2018-1999002 [任意⽂件读取] 未授权访问,任意命令执⾏ 控制台弱⼝令,任意命令执⾏ ElasticSearch CVE-2014-3120 [专⻔针对⽼版本(⽆沙盒)RCE] CVE-2015-1427 [Groovy RCE] [ y ] CVE-2015-3337 [任意⽂件读取] 未授权访问,敏感信息泄露 RabbitMQ 弱⼝令 Apache ActiveMQ 未授权访问,5.12 之前的版本 fileserver存在 PUT任意写 CVE-2015-5254 Apache Solr CVE-2017-12629 CVE-2019-0193 [ Apache Solr 5.x - 8.2.0 ] Apache Zookeeper 未授权访问,敏感信息泄露 Apache Shiro

北京快猫星云科技有限公司 北京快猫星云科技有限公司 北京快猫星云科技有限公司 © 北京快猫星云科技有限公司 企业版 vs. 开源版 更详细对⽐请访问 https://flashcat.cloud/docs 开源监控引领者 故障定位真帮⼿ 访问 www.flashcat.cloud 了解更多

that could become an error and will likely trigger an alert 4. Error – error conditions such as API failures, internal issues 5. Fatal – forces a termination iv. Examples of potentially significant Use telemetry to measure outcomes iv. Etsy open-sourced their experimentation framework – Feature API e. INTEGRATE A/B TESTING INTO OUR FEATURE PLANNING i. Product owners should consider each feature

suite becomes the living documentation of the system specification and represent working examples of API use e. DESIGN FOR OPERATIONS THROUGH CODIFIED NON-FUNCTIONAL REQUIREMENTS i. Designing for fast changes through pair programming or code review 3. Instrument the repository to detect suspicious code (API calls from certain types of test code) 4. Ensure every CI process is in an isolated container 5

Coined by Martin Fowler in 2004 ii. Strangler Application 1. Put existing functionality behind an API 2. New functionality implemented in new services with new architecture 3. Make calls to old system