Start by reviewing the OpenTelemetry Collector security documentation.
Please DO NOT report security vulnerabilities via public GitHub issue reports. Please report security issues here.
This project relies on a variety of external dependencies. These dependencies are monitored by Dependabot. Dependencies are checked daily and associated pull requests are opened automatically. Upgrading to the latest release is recommended to ensure you have the latest security updates. If a security vulnerability is detected for a dependency of this project then either:
- You are running an older release
- A new release with the updates has not been cut yet
- The updated dependency has not been merged, likely due to some breaking change (in this case, we will actively work to resolve the issue and open a tracking GitHub issue with details)
- The dependency has not released an updated version with the patch
By default, the Collector exposes the following endpoints:
- Health endpoint useful for load balancer monitoring
- `http(s)://<collectorFQDN>:[14250|14268]`: Jaeger [gRPC|Thrift HTTP] receiver
- `http(s)://localhost:55679/debug/[tracez|pipelinez]`: zPages monitoring
- `http(s)://<collectorFQDN>:4317`: OpenTelemetry gRPC receiver
- `http(s)://<collectorFQDN>:6060`: HTTP Forwarder used to receive Smart Agent apiUrl
- SignalFx Infrastructure Monitoring gRPC receiver
- `http(s)://localhost:8888/metrics`: Prometheus metrics for the Collector
- `http(s)://<collectorFQDN>:9411/api/[v1|v2]/spans`: Zipkin JSON (can be set to proto) receiver
- `http(s)://<collectorFQDN>:9943/v2/trace`: SignalFx APM receiver
Receivers can and should be disabled if not required for an environment.
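One way to check this on a running host, as an added example (not code from the Collector project): the script below compares listening sockets against the default ports listed above and flags listeners that are not required, or that the list shows on localhost but are bound more widely. The `ss -ltn` sample is constructed, and the function names and the `required` set are assumptions for illustration.

```python
import ipaddress

# Default listeners from the list above: port -> (component, shown on localhost)
PAGE_ENDPOINTS = {
    14250: ("Jaeger gRPC receiver", False),
    14268: ("Jaeger Thrift HTTP receiver", False),
    55679: ("zPages monitoring", True),
    4317: ("OpenTelemetry gRPC receiver", False),
    6060: ("HTTP Forwarder", False),
    8888: ("Prometheus metrics for the Collector", True),
    9411: ("Zipkin receiver", False),
    9943: ("SignalFx APM receiver", False),
}

# Constructed sample of `ss -ltn` output (Linux); replace with real output.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096   0.0.0.0:4317       0.0.0.0:*
LISTEN 0      4096   127.0.0.1:8888     0.0.0.0:*
LISTEN 0      4096   0.0.0.0:55679      0.0.0.0:*
LISTEN 0      4096   [::]:9411          [::]:*
LISTEN 0      4096   *:14268            *:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
"""

def _is_loopback(host):
    # "*" and "" mean "all interfaces" in ss output
    return host not in ("*", "") and ipaddress.ip_address(host).is_loopback

def audit(ss_output, required_ports):
    """Return (port, component, reason) for each listener that needs attention."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        host, _, port = fields[3].rpartition(":")
        host, port = host.strip("[]").split("%")[0], int(port)
        if port not in PAGE_ENDPOINTS:
            continue  # not one of the Collector defaults listed above
        name, local_only = PAGE_ENDPOINTS[port]
        if port not in required_ports:
            findings.append((port, name, "not required: disable this component"))
        elif local_only and not _is_loopback(host):
            findings.append((port, name, f"bound to {host}, expected localhost"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SS, required_ports={4317, 8888, 55679}):
        print(*finding, sep="\t")
```

A port is matched by number only, so confirm that the listener actually belongs to the Collector process (for example with `ss -ltnp`) before acting on a finding.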