Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Security Bug: No permissions applied to version endpoints #5008

Merged
merged 1 commit into from
Feb 28, 2024
Merged

Fix Security Bug: No permissions applied to version endpoints #5008

merged 1 commit into from
Feb 28, 2024

Conversation

IsaacHayes1995
Copy link
Contributor

@IsaacHayes1995 IsaacHayes1995 commented Feb 27, 2024
edited
Loading

List,Delete, and Revert endpoints for editing workflows by version were set to allow anonymous, meaning no authorisation policies were applied.

I have changed these to apply permissions as per the rest of the API.

@IsaacHayes1995
Fix Security Bug: No permissions applied to version endpoints
72ffa77 
List,Delete, and Revert endpoints for editing endpoints by version were set to allow anonymous, meaning no authorisation policies were applied.

I have changed these to apply permissions as per the rest of the API.
@IsaacHayes1995
Copy link
Contributor Author

@dotnet-policy-service agree

@sfmskywalker
Copy link
Member

Great catch @IsaacHayes1995 , thank you for raising this issue + PR 🙏🏻

@sfmskywalker sfmskywalker added bug Something isn't working prio immediate An urgent issue which must be addressed immediately elsa 3 This issue is specific to Elsa 3 labels Feb 28, 2024
@sfmskywalker sfmskywalker merged commit 5aa1ce8 into elsa-workflows:main Feb 28, 2024
2 checks passed
sfmskywalker pushed a commit that referenced this pull request Feb 28, 2024
@IsaacHayes1995 @sfmskywalker
Fix Security Bug: No permissions applied to version endpoints (#5008)
875afd4 
List,Delete, and Revert endpoints for editing endpoints by version were set to allow anonymous, meaning no authorisation policies were applied.

I have changed these to apply permissions as per the rest of the API.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sfmskywalker sfmskywalker sfmskywalker approved these changes

Assignees
No one assigned
Labels
bug Something isn't working elsa 3 This issue is specific to Elsa 3 prio immediate An urgent issue which must be addressed immediately
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@IsaacHayes1995 @sfmskywalker