StackStorm v2.10.1 release notes (2018-12-20)

« Changelog History

StackStorm v2.10.1 Release Notes

Release Date: 2018-12-20 // over 5 years ago

🛠 Fixed


* 🛠 Fix an issue with ``GET /v1/keys`` API endpoint not correctly handling ``?scope=all`` and
  ``?user=<username>`` query filter parameter inside the open-source edition. This would allow
  user A to retrieve datastore values from user B and similar.

  NOTE: Enterprise edition with RBAC was not affected, because in RBAC version, correct check is
  in place which only allows users with an admin role to use ``?scope=all`` and retrieve / view
  datastore values for arbitrary system users. (security issue bug fix)

StackStorm v2.10.1

Version Release Notes from December 20, 2018 (over 5 years ago)

« Changelog History

StackStorm v2.10.1 Release Notes