JonPSmith / AuthPermissions.AspNetCore

This library provides extra authorization and multi-tenant features to an ASP.NET Core application.
https://www.thereformedprogrammer.net/finally-a-library-that-improves-role-authorization-in-asp-net-core/
MIT License
770 stars 158 forks

Critical bug: hierarchical multi-tenant applications can sometimes access another tenant’s data. #12

Closed JonPSmith closed 2 years ago

JonPSmith commented 2 years ago

While working on Version 2 of this library I found a bug in the use of the DataKey which can cause hierarchical multi-tenant applications to sometimes access another tenant’s data. This is therefore a critical bug.

This bug is fixed in AuthPermissions.AspNetCore 2.0.0.

BUT if you built a single or hierarchical multi-tenant application using Version 1 of this library, then you need to migrate your application's databases that use the DataKey. This section in the [Migrate from AuthPermissions.AspNetCore 1.* to 2.0] document explains how to do this.

NOTE: Single multi-tenant applications in version 1 didn’t have a bug, but the AuthP DataKey uses the same DataKey for Single and Hierarchical multi-tenant, so you still need to follow this information when upgrading to Version 2.

JonPSmith commented 2 years ago

Fixed in Version 2