Merge pull request #838 from arangodb/bug-fix/APM-78

[APM-78]: Disable installation from remote URL

Author: KVS85

3.10/security-security-options.md

@@ -354,3 +354,14 @@ in an ArangoDB server:
   application Github repository at
   [github.com/arangodb/foxx-apps](https://github.com/arangodb/foxx-apps){:target="_blank"}.
   The default value is `true`.
+
+- `--foxx.allow-install-from-remote`:
+  When set to `false`, this option prevents installation of Foxx apps from any
+  remote source other than Github and diactivates the **Remote** tab in the **Services**
+  section of the web interface. Installing apps from Github and/or zip files is 
+  still possible with this setting, but any other remote sources are blocked.
+  When set to `true`, installing Foxx apps from other remote sources via URLs
+  is allowed.
+  The default value is `false`.
+  Note: this option was introduced in ArangoDB v3.8.5.
+

3.8/security-security-options.md

@@ -332,3 +332,15 @@ in an ArangoDB server:
   application Github repository at
   [github.com/arangodb/foxx-apps](https://github.com/arangodb/foxx-apps){:target="_blank"}.
   The default value is `true`.
+
+- `--foxx.allow-install-from-remote`:
+  When set to `false`, this option prevents installation of Foxx apps from any
+  remote source other than Github and diactivates the **Remote** tab in the **Services**
+  section of the web interface. Installing apps from Github and/or zip files is 
+  still possible with this setting, but any other remote sources are blocked.
+  When set to `true`, installing Foxx apps from other remote sources via URLs
+  is allowed.
+  For security purposes, it's recommended to set this option to `false`.
+  In 3.8 the default value is `true`, but starting from ArangoDB 3.9 it will
+  be set to `false`.
+  Note: this option was introduced in ArangoDB v3.8.5.

3.9/release-notes-upgrading-changes39.md

@@ -72,6 +72,23 @@ Also see [Known limitations for AQL queries](aql/fundamentals-limitations.html).
 Startup options
 ---------------
 
+### Installing Foxx apps from remote URLS
+
+The `--foxx.allow-install-from-remote` option controls whether installing Foxx apps
+from remote URL sources other than Github is allowed. If set to `false`,
+installing Foxx apps is blocked for any remote sources other than Github. Installing
+Foxx apps from Github or from uploaded zip files is still possible with this
+option.
+Setting it to `true` will allow installing Foxx apps from any remote
+URL sources.
+
+In ArangoDB 3.9, the default value for this option is `false`, meaning that
+installing Foxx apps from remote sources other than Github is now disallowed. This
+also inactivates the **Remote** tab in the **Services** section of the web interface.
+Compared to the previous versions of ArangoDB, this is a downwards-incompatible default
+value change, which was made for security reasons. To enable installing
+apps from remote sources again, set this option to `true`.
+
 ### RocksDB options
 
 The default value for the startup `--rocksdb.max-subcompactions` option  was 

3.9/security-security-options.md

@@ -354,3 +354,14 @@ in an ArangoDB server:
   application Github repository at
   [github.com/arangodb/foxx-apps](https://github.com/arangodb/foxx-apps){:target="_blank"}.
   The default value is `true`.
+
+- `--foxx.allow-install-from-remote`:
+  When set to `false`, this option prevents installation of Foxx apps from any
+  remote source other than Github and diactivates the **Remote** tab in the **Services**
+  section of the web interface. Installing apps from Github and/or zip files is 
+  still possible with this setting, but any other remote sources are blocked.
+  When set to `true`, installing Foxx apps from other remote sources via URLs
+  is allowed.
+  The default value is `false`.
+  Note: this option was introduced in ArangoDB v3.8.5.
+