github StackStorm/st2 v2.10.1

latest releases: v3.8.1, v3.8.0, v3.7.0...
5 years ago

Fixed

  • Fix an issue with GET /v1/keys API endpoint not correctly handling ?scope=all and
    ?user=<username> query filter parameter inside the open-source edition. This would allow
    user A to retrieve datastore values from user B and similar.

    NOTE: Enterprise edition with RBAC was not affected, because in RBAC version, correct check is
    in place which only allows users with an admin role to use ?scope=all and retrieve / view
    datastore values for arbitrary system users. (security issue bug fix)

Don't miss a new st2 release

NewReleases is sending notifications on new releases.