-
|
Hello everyone, I have a security-related question regarding Zealot. I’ve noticed that links in the format /release/7 allow direct downloading of files without requiring authentication, unlike channel-based downloads that are password-protected. This could potentially allow unauthorized users to download private application versions by simply guessing release numbers. Is there a way to restrict downloads on these direct links, either by enforcing password protection or another authentication mechanism? Thanks in advance for your help! |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 2 replies
-
|
Thank you for reporting this issue. I will temporarily fix it as soon as possible. We will consider addressing the issue of the obviously guessable ID later. |
Beta Was this translation helpful? Give feedback.
-
|
hi @icyleaf is there any news regarding this topic? |
Beta Was this translation helpful? Give feedback.
-
|
fixed in #1798 |
Beta Was this translation helpful? Give feedback.
-
|
It doesn't seem to be working in v6.0.4. I've updated from 5.3 to 6.0.4, uploaded new app and still everyone can access it. Could you guys assist with this? |
Beta Was this translation helpful? Give feedback.
fixed in #1798