eggjs · fengmk2 · Feb 19, 2024 · Feb 19, 2024
diff --git a/site/docs/core/security.md b/site/docs/core/security.md
@@ -668,3 +668,21 @@ This function scans the script tag in the template and automatically adds `nonce
 For sites that do not open HTTPS, this function can be limited to preventing ISP hijacking.
 
 [egg-view-nunjucks]: https://github.com/eggjs/egg-view-nunjucks
+
+## Revert CVE
+
+
+In the security fixes of node.js, there may be breaking changes. For example, in version 18.9.1, a security vulnerability was fixed, which caused some encryption-related code to not function properly. To address this issue, we provide a revert parameter, which is converted to the --security-revert parameter at startup, allowing the bypassing of the CVE fix.
+
+```json
+// package.json
+{
+  "egg": {
+    // Supports two configuration methods
+    // One is to use a string directly, specifying a CVE
+    "revert": "CVE-2023-46809",
+    // The other is to use an array of strings, allowing the specification of multiple CVEs
+    "revert": [ "CVE-2023-46809" ]
+  }
+}
+```
diff --git a/site/docs/core/security.zh-CN.md b/site/docs/core/security.zh-CN.md
@@ -637,3 +637,20 @@ exports.security = {
 对于未开启 HTTPS 的网站，此函数可以有效防止运营商劫持。
 
 [egg-view-nunjucks]: https://github.com/eggjs/egg-view-nunjucks
+
+## Revert CVE
+
+在 node.js 的安全修复中可能会造成 Breaking change，例如在 18.9.1 版本中修复了一个安全漏洞，导致了一些加密相关的代码无法正常运行。为了解决这个问题，我们提供了一个 `revert` 的参数，在启动时转换为 `--security-revert` 参数，可以绕过 CVE 的修复。
+
+```json
+// package.json
+{
+  "egg": {
+    // 支持两种配置方式
+    // 一种是直接使用字符串，指定一个 CVE
+    "revert": "CVE-2023-46809",
+    // 另一种是使用字符串数组，可以指定多个 CVE
+    "revert": [ "CVE-2023-46809" ]
+  }
+}
+```