v2.10.1

@Kami Kami released this 20 Dec 09:59
· 5626 commits to master since this release

Fixed

  • Fix an issue with the GET /v1/keys API endpoint not correctly handling the ?scope=all and
    ?user=<username> query filter parameters in the open-source edition. This would allow
    user A to retrieve datastore values from user B and similar.

    NOTE: The Enterprise edition with RBAC was not affected, because the RBAC version has the correct
    check in place, which only allows users with an admin role to use ?scope=all and retrieve / view
    datastore values for arbitrary system users. (security issue bug fix)
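
The check described in the note above, sketched as an added example (this is not StackStorm's code). `Caller`, `Forbidden`, `resolve_filters`, `list_keys` and the in-memory `DATASTORE` are hypothetical names, and the sketch assumes that an admin using ?scope=all without ?user sees every user's items.

```python
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when a caller asks for datastore items they may not see."""


@dataclass(frozen=True)
class Caller:  # hypothetical stand-in for the authenticated API user
    name: str
    is_admin: bool = False


# Constructed sample datastore: (scope, owner, key name) -> value.
DATASTORE = {
    ("system", None, "region"): "eu-1",
    ("user", "alice", "api_token"): "alice-secret",
    ("user", "bob", "api_token"): "bob-secret",
}


def resolve_filters(caller, scope="system", user=None):
    """Validate ?scope= and ?user= before any datastore query is built."""
    if scope not in ("system", "user", "all"):
        raise ValueError("unknown scope: %r" % scope)
    # ?user=<username> naming someone else is an admin-only filter.
    if user is not None and user != caller.name and not caller.is_admin:
        raise Forbidden("?user=<username> for another user requires admin")
    # ?scope=all spans every user's items, so it is admin-only as well.
    if scope == "all" and not caller.is_admin:
        raise Forbidden("?scope=all requires admin")
    scopes = ("system", "user") if scope == "all" else (scope,)
    # Assumption: owner None means "no owner filter" (admin, scope=all, no ?user).
    owner = None if (scope == "all" and user is None) else (user or caller.name)
    return scopes, owner


def list_keys(caller, scope="system", user=None):
    """Return only the items the validated filters allow the caller to read."""
    scopes, owner = resolve_filters(caller, scope, user)
    result = {}
    for (item_scope, item_owner, name), value in DATASTORE.items():
        if item_scope not in scopes:
            continue
        if item_scope == "user" and owner is not None and item_owner != owner:
            continue
        result[(item_scope, item_owner, name)] = value
    return result
```

The point of the structure is that the caller-supplied filters are validated against the authenticated identity first, and the query is built only from the validated result.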