v2.10.1
Fixed
- Fix an issue with the GET /v1/keys API endpoint not correctly handling the ?scope=all and
  ?user=<username> query filter parameters in the open-source edition. This would allow
  user A to retrieve datastore values from user B and similar.

  NOTE: Enterprise edition with RBAC was not affected, because the RBAC version has a correct
  check in place which only allows users with an admin role to use ?scope=all and retrieve / view
  datastore values for arbitrary system users. (security issue bug fix)
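
The rule stated in the note above (only an admin may use ?scope=all or read another user's values), written out as an added example that is not the project's own code. The names list_keys, Forbidden, STORE, the is_admin flag and the default "user" scope are assumptions made for illustration, and the stored items are constructed sample data.

```python
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when a caller asks for values outside what their role allows."""


@dataclass(frozen=True)
class Item:
    owner: str   # system user the datastore value belongs to
    name: str
    value: str


# Constructed sample datastore contents.
STORE = [
    Item("alice", "api_token", "alice-secret"),
    Item("bob", "api_token", "bob-secret"),
    Item("bob", "db_password", "bob-db"),
]


def list_keys(requester, is_admin, scope="user", user=None):
    """Return the items `requester` may see for the given query filters.

    `scope` and `user` model the ?scope= and ?user= query parameters.
    The default scope name "user" is an assumption, not taken from the page.
    """
    if scope not in ("user", "all"):
        raise ValueError("unsupported scope: %r" % (scope,))
    # ?user=<username>: naming anyone but yourself requires the admin role.
    if user is not None and user != requester and not is_admin:
        raise Forbidden("?user= for another user requires the admin role")
    # ?scope=all spans every user's values, so it is admin-only as well.
    if scope == "all" and not is_admin:
        raise Forbidden("?scope=all requires the admin role")
    if scope == "all" and user is None:
        return list(STORE)
    # Otherwise return one owner's values: the named user (already
    # authorized above) or the requester themselves.
    owner = user if user is not None else requester
    return [item for item in STORE if item.owner == owner]
```

Both checks run before any data is selected, so a rejected request never touches another user's values; a regression test for this class of bug should issue each filter as a non-admin and assert on the rejection.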