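Any Dataflow job started after 5:00 AM on July 5, 2024 (Taiwan time) uses the patched VM image. To use the patched VM image, manually update or restart streaming pipelines that were started before this date.
Identify Dataflow jobs whose worker VMs have public IP addresses
Unless a firewall blocks access, the SSH port of Dataflow worker VMs with public IP addresses is open to the internet.
To get a list of Dataflow jobs that started VMs with external IP addresses, use the following gcloud CLI command: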
gcloud --project PROJECT_ID compute instances list \
  --filter "EXTERNAL_IP!='' AND STATUS='RUNNING' AND description ~ 'Created for Dataflow job'" \
  --format="list (description)" | sort -u
To check the list of all VMs in the project that have external IP addresses, use the following gcloud CLI command:
gcloud --project PROJECT_ID compute instances list \
  --filter "EXTERNAL_IP!='' AND STATUS='RUNNING'"
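The two listings above can be combined into one per-job inventory when the instance list is exported with `--format=json`. The following is an added example, not part of the original bulletin or Google's tooling; the sample records, job names and IP addresses are constructed, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample shaped like `gcloud compute instances list --format=json`
# output, trimmed to the fields used. Names, descriptions and IPs are made up.
SAMPLE = [
    {"name": "worker-a-1", "status": "RUNNING",
     "description": "Created for Dataflow job: example-job-a",
     "networkInterfaces": [{"accessConfigs": [{"natIP": "203.0.113.10"}]}]},
    {"name": "worker-a-2", "status": "RUNNING",
     "description": "Created for Dataflow job: example-job-a",
     "networkInterfaces": [{"accessConfigs": [{"natIP": "203.0.113.11"}]}]},
    {"name": "worker-b-1", "status": "RUNNING",  # private address only
     "description": "Created for Dataflow job: example-job-b",
     "networkInterfaces": [{"networkIP": "10.0.0.5"}]},
    {"name": "worker-c-1", "status": "TERMINATED",  # not running, skipped
     "description": "Created for Dataflow job: example-job-c",
     "networkInterfaces": [{"accessConfigs": [{"natIP": "203.0.113.12"}]}]},
    {"name": "bastion", "status": "RUNNING",  # not a Dataflow worker
     "networkInterfaces": [{"accessConfigs": [{"natIP": "203.0.113.50"}]}]},
]

DATAFLOW_MARKER = "Created for Dataflow job"  # string the gcloud filter matches


def external_ips(instance):
    """Return every external (NAT) address attached to the instance."""
    return [cfg["natIP"]
            for nic in instance.get("networkInterfaces", [])
            for cfg in nic.get("accessConfigs", [])
            if cfg.get("natIP")]


def exposed_by_job(instances):
    """Group running VMs that have an external IP by Dataflow job description.

    VMs that are not Dataflow workers are collected under the key None.
    """
    groups = defaultdict(list)
    for inst in instances:
        ips = external_ips(inst)
        if inst.get("status") != "RUNNING" or not ips:
            continue
        desc = inst.get("description") or ""
        groups[desc if DATAFLOW_MARKER in desc else None].append((inst["name"], ips))
    return dict(groups)


if __name__ == "__main__":
    for job, vms in exposed_by_job(SAMPLE).items():
        print(job or "(not a Dataflow worker)", vms)
```

On real data, load the saved JSON export with `json.load` and pass the resulting list to `exposed_by_job`.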
Last updated: 2025-09-04 (UTC).