Worked on improving the security model of the alibaba/nacos repository by addressing a misconfiguration in the InstanceControllerV3 component. Focused on backend development using Java and the Spring framework, the work involved updating the security annotation for retrieving instance details, changing the action type from WRITE to READ. This adjustment ensured that the API’s access patterns accurately reflected intended permissions, reducing the risk of misconfiguration and enhancing overall security accuracy. The contribution centered on refining API development practices, demonstrating attention to detail in permission handling and aligning the implementation with best practices for secure backend service design and maintenance.