Special Endpoint Lists All Systems


#1

Here's another one:
[CENSORED] lists the title and hash of every single system including different versions.


I broke some of my clusters :(
#2

Thanks for the report! I'm censoring the specific URL from your post to minimize the exposure of private data in the time before we fix the issue. This behavior isn't intended; REST endpoints should not expose any data that isn't available from the normal user-facing interface.


#3

Not sure if this is what you meant by security on data endpoints but the data is still there.


Update to 0.25.0 and 0.25.1
#4

We haven't yet fixed this issue. We'll try and link this thread from the update post when we do.