[#MXS-2825] REST API allows POST requests without body for basic users

[MXS-2825] REST API allows POST requests without body for basic users Created: 2020-01-07 Updated: 2020-08-25 Resolved: 2020-01-09
Status:	Closed
Project:	MariaDB MaxScale
Component/s:	REST-API
Affects Version/s:	2.3.15
Fix Version/s:	2.3.16, 2.4.0

Type:

Bug

Priority:

Major

Reporter:

markus makela

Assignee:

markus makela

Resolution:

Fixed

Votes:

Labels:

None

Description

The REST API allows modifying requests from basic users if the request does not define a body (e.g. POST /v1/maxscale/logs/flush). This behavior is fixed in 2.4 but was not documented.

Generated at Thu Feb 08 04:16:57 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MXS-2825] REST API allows POST requests without body for basic users Created: 2020-01-07 Updated: 2020-08-25 Resolved: 2020-01-09