[MXS-2825] REST API allows POST requests without body for basic users - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 2.3.15
Fix Version/s: 2.4.0, 2.3.16
Component/s: REST-API
Labels:
None

Description

The REST API allows modifying requests from basic users if the request does not define a body (e.g. POST /v1/maxscale/logs/flush). This behavior is fixed in 2.4 but was not documented.

Attachments

Activity

People

Assignee:: markus makela

Reporter:: markus makela

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2020-01-07 08:15

Updated:: 2020-08-25 17:00

Resolved:: 2020-01-09 05:13