docs: Document external-decompressor-use-manifest flag for backup/restore security #2076

Merged
timvaillancourt merged 1 commit into prod from promptless/external-decompressor-manifest-security
Feb 24, 2026

@promptless promptless bot commented Feb 24, 2026

Open this suggestion in Promptless to view citations and reasoning process

Adds documentation for the new --external-decompressor-use-manifest flag introduced in PR #19460. This flag makes loading decompressor commands from the backup MANIFEST file opt-in (disabled by default) for security reasons. The documentation includes a warning that enabling this flag is a security risk—an attacker with write access to backup storage could modify the manifest to execute arbitrary commands on the tablet.

Trigger Events

vitessio/vitess PR #19460: Restore: make loading compressor commands from `MANIFEST` opt-in

Promptless Research (1 GitHub PR)

Agent Response

I've reviewed PR #19460 and created a documentation suggestion for this security-related change.

Summary

This PR addresses a security vulnerability in Vitess backup/restore functionality. Previously, if no --external-decompressor flag was provided, Vitess could load the decompressor command from the backup's MANIFEST file. This is a security risk because an attacker with write access to backup storage could modify the manifest to execute arbitrary commands on the tablet.

Documentation Update

I created a suggestion that adds documentation for the new --external-decompressor-use-manifest flag to the backup/restore configuration table. The documentation:

  • Explains that this flag allows the decompressor command from the backup manifest to be used at restore time
  • Clearly warns that this is disabled by default for security reasons
  • Describes the attack vector (attacker with write access to backup storage could modify the manifest to execute arbitrary commands)
  • Advises users to only enable this flag if they trust their backup storage and understand the risks

Suggestion: Document external-decompressor-use-manifest flag for backup/restore security

File updated: content/en/docs/24.0/user-guides/operating-vitess/backup-and-restore/overview.md


Tip: Connect Jira, Linear, Confluence, and more in Integrations to enrich suggestion quality 🔗

</td>
</tr>
<tr>
<td><code>external-decompressor-use-manifest</code></td>

Citation: PR #19460 adds the --external-decompressor-use-manifest flag to address a security vulnerability. See go/vt/mysqlctl/compression.go for the flag registration and resolveExternalDecompressor() function implementation that handles the precedence logic. The flag help text in the PR explicitly warns about the security risk of trusting manifest decompressor commands.
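
The precedence described in the summary above, as an added Go sketch (not the code from PR #19460 or from the Vitess project). The function name `resolveDecompressor`, the `decision` type, the `ExternalDecompressor` JSON key and the sample manifest are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// manifest models only the field this sketch needs. The JSON key is an
// assumption for illustration, not copied from the Vitess source.
type manifest struct {
	ExternalDecompressor string `json:"ExternalDecompressor"`
}

// decision records what will run, why, and what was refused.
type decision struct {
	Command string // empty: nothing from flag or manifest is executed
	Source  string // "flag", "manifest" or "none"
	Ignored string // manifest command that was present but not used
}

// resolveDecompressor (hypothetical name) applies opt-in precedence:
// the operator's flag wins, the manifest is used only when opted in,
// and otherwise no command read from backup storage is returned.
func resolveDecompressor(flagCmd string, useManifest bool, raw []byte) (decision, error) {
	var m manifest
	if err := json.Unmarshal(raw, &m); err != nil {
		return decision{}, fmt.Errorf("parse manifest: %w", err)
	}
	switch {
	case flagCmd != "":
		return decision{Command: flagCmd, Source: "flag", Ignored: m.ExternalDecompressor}, nil
	case useManifest && m.ExternalDecompressor != "":
		return decision{Command: m.ExternalDecompressor, Source: "manifest"}, nil
	default:
		return decision{Source: "none", Ignored: m.ExternalDecompressor}, nil
	}
}

func main() {
	// Constructed manifest: the command string stands in for whatever an
	// actor with write access to backup storage might have placed there.
	raw := []byte(`{"ExternalDecompressor":"placeholder-cmd --from-storage"}`)
	for _, c := range []struct{ flag string; opt bool }{{"", false}, {"zstd -d", false}, {"", true}} {
		d, err := resolveDecompressor(c.flag, c.opt, raw)
		fmt.Printf("flag=%q opt-in=%v -> %+v err=%v\n", c.flag, c.opt, d, err)
	}
}
```

The `Ignored` field gives restore code something to log when a manifest carries a command that was not honoured, which is a useful signal that backup storage contents differ from what the operator configured.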

netlify bot commented Feb 24, 2026

Deploy Preview for vitess ready!

Name Link
🔨 Latest commit 6881631
🔍 Latest deploy log https://app.netlify.com/projects/vitess/deploys/699dc29c5dd9a70008daca4c
😎 Deploy Preview https://deploy-preview-2076--vitess.netlify.app

To edit notification comments on pull requests, go to your Netlify project configuration.

promptless bot commented Feb 24, 2026

Just a reminder: If you'd like me to act on any feedback you have via GitHub comments, just type @Promptless in your suggestion and I'll get right on it! (I won't show up in the user dropdown, but I'll process any request that has @Promptless in the comment body.)

@timvaillancourt timvaillancourt merged commit 53dc0d9 into prod Feb 24, 2026
5 checks passed
@timvaillancourt timvaillancourt deleted the promptless/external-decompressor-manifest-security branch February 24, 2026 19:23