StackStorm v2.9.2 Release Notes

Release Date: 2018-12-19
  • Fixed

    Fix an issue with the GET /v1/keys API endpoint not correctly handling the ?scope=all and
    ?user=<username> query filter parameters in the open-source edition. This would allow
    user A to retrieve datastore values from user B and similar.

    NOTE: Enterprise edition with RBAC was not affected, because the RBAC version has a correct
    check in place which only allows users with an admin role to use ?scope=all and retrieve / view
    datastore values for arbitrary system users. (security issue bug fix)
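
The class of bug described above, as an added illustration that is not StackStorm's own code: a listing handler that trusts the ?scope and ?user filters as sent, next to one that authorizes them first, following the admin-only rule the note attributes to the RBAC check. The function names, the row layout, the "system"/"user" scope values and the sample data are assumptions made for this sketch.

```python
# Constructed sample rows (scope, owner, name, value); not real StackStorm data.
DATASTORE = [
    ("system", None, "region", "eu-west-1"),
    ("user", "alice", "api_token", "alice-secret"),
    ("user", "bob", "api_token", "bob-secret"),
]


class Forbidden(Exception):
    """Would map to an HTTP 403 response in a real handler."""


def _select(scope, owner):
    # scope == "all" returns every row; otherwise system rows or one user's rows.
    if scope == "all":
        return list(DATASTORE)
    if scope == "user":
        return [r for r in DATASTORE if r[0] == "user" and r[1] == owner]
    return [r for r in DATASTORE if r[0] == "system"]


def list_keys_unchecked(requester, scope="system", user=None):
    """Behaviour as the note describes it before the fix: filters trusted as sent."""
    return _select(scope, user or requester)


def list_keys_checked(requester, is_admin=False, scope="system", user=None):
    """Authorize the query filters before they reach the datastore query."""
    if not is_admin:
        if scope == "all":
            raise Forbidden("scope=all requires an admin role")
        if user is not None and user != requester:
            raise Forbidden("user filter must match the authenticated user")
    return _select(scope, user or requester)


def is_denied(**kwargs):
    """True when list_keys_checked rejects the request with Forbidden."""
    try:
        list_keys_checked(**kwargs)
    except Forbidden:
        return True
    return False
```

The same pairs of requests make a regression check for a patched deployment: a non-admin token should get a denial for both filter forms and still be able to list its own user-scoped values.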