Microservices Engine:Notice on cancellation of logon authentication for the open source console on MSE Nacos

When you access the open source Nacos console in a version earlier than V2.2.2, you are redirected to the logon page of the open source console regardless of whether the authentication feature is enabled. This misleads users into thinking that the authentication feature is enabled for the open source console. If authentication is not enabled actually, security risks may exist. After the negotiation and discussion between the community and security engineers, a conclusion is obtained. If authentication is not enabled for the open source Nacos console in a version later than V2.2.2, users are not redirected to the logon page and they directly access the open source console. A prompt is displayed in the upper part of the page, indicating that authentication is not enabled for the current Nacos instance.

For MSE Nacos V2.2.3.0 and later, community standards are applied. If authentication is not enabled, users are not redirected to the logon page of the open source Nacos console when they access the open source console. MSE Nacos provides better security and supports fine-grained authentication provided by Alibaba Cloud Resource Access Management (RAM). After RAM authentication is enabled, you can directly access the open source console, but you cannot obtain the instance data. For more information about how to enable authentication, see Grant permissions on Microservices Registry resources and Access authentication by the Nacos client.

If you are concerned about access control issues of the open source console, we recommend that you upgrade your MSE Nacos instance to V2.2.3.1. By default, access to the open source console is disabled in MSE Nacos V2.2.3.1. When you access the open source console, you are prompted to perform Nacos-related operations in the MSE console.