StackStorm v2.9.2 Release Notes
Release Date: 2018-12-19
Fixed

Fix an issue with the GET /v1/keys API endpoint not correctly handling the ?scope=all and ?user=<username> query filter parameters inside the open-source edition. This would allow user A to retrieve datastore values from user B and similar. (security issue bug fix)

NOTE: Enterprise edition with RBAC was not affected, because in the RBAC version a correct check is in place which only allows users with an admin role to use ?scope=all and retrieve / view datastore values for arbitrary system users.
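
The check described in the note, written out as an added example (this is not StackStorm's code). The Requester type, the list_keys function and the sample datastore are hypothetical and constructed for illustration; the point is that the scope and user filters are authorized against the requester before any lookup runs.

```python
from dataclasses import dataclass


class AccessDenied(Exception):
    """Raised when a query filter exceeds the requester's privileges."""


@dataclass(frozen=True)
class Requester:
    name: str
    is_admin: bool = False


# Constructed sample data: (scope, owner, key) -> value
DATASTORE = {
    ("system", None, "region"): "eu-1",
    ("user", "alice", "api_token"): "alice-secret",
    ("user", "bob", "api_token"): "bob-secret",
}


def list_keys(requester, scope="system", user=None):
    """Hypothetical handler logic for GET /v1/keys?scope=...&user=..."""
    if scope not in ("system", "user", "all"):
        raise ValueError("invalid scope: %r" % (scope,))
    # Authorize the filters first: only an admin may widen the query.
    if not requester.is_admin:
        if scope == "all":
            raise AccessDenied("?scope=all requires an admin role")
        if user is not None and user != requester.name:
            raise AccessDenied("?user= for another user requires an admin role")
    # owner None means "any owner"; only an admin using scope=all gets here.
    if user is not None:
        owner = user
    elif scope == "all":
        owner = None
    else:
        owner = requester.name
    rows = []
    for (item_scope, item_owner, key), value in DATASTORE.items():
        if item_scope == "system":
            if scope in ("system", "all"):
                rows.append((item_scope, item_owner, key, value))
        elif scope in ("user", "all") and owner in (None, item_owner):
            rows.append((item_scope, item_owner, key, value))
    return rows
```
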