Uploaded image for project: 'MariaDB MaxScale'
  1. MariaDB MaxScale
  2. MXS-2825

REST API allows POST requests without body for basic users

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.3.15
    • Fix Version/s: 2.4.0, 2.3.16
    • Component/s: REST-API
    • Labels:
      None

      Description

      The REST API allows modifying requests from basic users if the request does not define a body (e.g. POST /v1/maxscale/logs/flush). This behavior is fixed in 2.4 but was not documented.

        Attachments

          Activity

            People

            Assignee:
            markus makela markus makela
            Reporter:
            markus makela markus makela
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: