From 3901455ec74c87b76ada57251a276822bf3ac476 Mon Sep 17 00:00:00 2001 From: acaptutorials Date: Wed, 5 Feb 2025 13:54:29 +0800 Subject: [PATCH] chore: link security debts to security considerations, #77 --- docs/pages/announcements/firebase-storage-2024.mdx | 1 + docs/pages/changelog.mdx | 2 ++ 2 files changed, 3 insertions(+) diff --git a/docs/pages/announcements/firebase-storage-2024.mdx b/docs/pages/announcements/firebase-storage-2024.mdx index 2d45dbb2..2be928a4 100644 --- a/docs/pages/announcements/firebase-storage-2024.mdx +++ b/docs/pages/announcements/firebase-storage-2024.mdx @@ -128,6 +128,7 @@ _All Firebase components service usage (including those not used by ACAP) will o +
Yes. Ensuring **system integrity** and **strong security measures** is critical when handling: diff --git a/docs/pages/changelog.mdx b/docs/pages/changelog.mdx index 042a2906..97f64f16 100644 --- a/docs/pages/changelog.mdx +++ b/docs/pages/changelog.mdx @@ -75,6 +75,8 @@ Version 2.0 and later versions may have new requirements that will thrive on new 4. **Firestore database pollution:** Also related to item 1, the new **"Support Services"** data with insufficient validation, if pushed through the [Firestore REST APIs](https://cloud.google.com/firestore/docs/reference/rest/), can potentially allow writing unlimited key-value pairs with unlimited text or Object content length in Firestore Documents or creating Collections/Documents recursively outside the developer's intended schema or structure. If left unchecked, this can speed up the consumption of the Firebase standard plan quota (or drive up the billing if subscribed to the Firebase Blaze plan) in the long run. > These issues, raised during the early 2.0 development phase (June 2024), have been communicated to the new main ACAP code Maintainer, who is also the new primary developer/programmer leading the creation and enhancement of new features for Version 2.0. The new code Maintainer has made thoughtful decisions for balancing development speed with feature delivery, reflecting their understanding of the project's scope and the perceived security needs. They are open to addressing these issues as time and priorities allow within the ACAP project timeline. + +**Related topic:** [Security Considerations](/announcements/firebase-storage-2024#security-considerations)
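
Review bot: In docs/pages/announcements/firebase-storage-2024.mdx, the single added line in the `@@ -128,6 +128,7 @@` hunk shows no content here, so nothing visible in this patch creates the `security-considerations` anchor that the changelog link depends on. Confirm that the built page really exposes that fragment next to the "Yes. Ensuring **system integrity**..." paragraph. If the anchor is meant to be explicit rather than derived from a heading, add it in this hunk so that the target and the link land in the same commit.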
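
Review bot: In docs/pages/changelog.mdx, the added `**Related topic:**` line uses a root-absolute path plus a fragment (`/announcements/firebase-storage-2024#security-considerations`), which resolves only if the docs are served from the site root and the target keeps that exact slug. A link check in the docs build would catch a rename, since otherwise readers land at the top of the page or on a missing route. The line also sits after the blockquote about the Maintainer rather than after the numbered list, so consider moving it up or stating which items it relates to (for example item 4, "Firestore database pollution"), so the reference from the security debts is unambiguous.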