rhodecode-enterprise-ce Files · docs/release-notes/release-notes-4.11.6.rst

auth-token: expose fetched token in unified way into request attribute....

auth-token: expose fetched token in unified way into request attribute. - This will allow re-using exposed access token for HTTP views in single place - We will support also exposing tokens from url if special _auth_token will be used as url param - We'll no longer require double logic for extraction of URL/HEADER auth-tokens and have a single place to extract it.

marcink - - Load All Authors

File last commit:

r2665:f42f8690 stable


                r4002:5f150e86

default

Download file

             release-notes-4.11.6.rst
        
                    41 lines
            
             | 489 B
            
                | text/x-rst
            
             |
                RstLexer

/ docs / release-notes / release-notes-4.11.6.rst

History | Annotation | Raw |Copy content |Copy permalink

|RCE| 4.11.6 |RNS|
Release Date
2018-03-28


New Features

General

Security
api(high): fixed unauthorized access to repositories using forged api requests.


Performance

Fixes

Upgrade notes
Unscheduled security release addressing found vulnerability in the API that
allows attackers to gain access to repositories in unauthorized way by forging
data in the API request.

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages