Special thanks to @alvaroqt who found this vulnerability, and reported it to me.
Private routes accessible on public routes and vice versa.
Every version up to v1.0.1 has a security vulnerability and is not save for production. PLEASE UPDATE YOUR PACKAGE TO v1.0.2
In versions up to v.1.0.1 only one router gets instantiated. Which means every public route is available on private routes and vice versa.
If you update your version to v1.0.2 every known security vulnerability is fixed and you are ready to use it as is. There are NO breaking changes in the current API, so you don't have to change anything in your code, except updating your current version of express-routes-mapper to v1.0.2.
Security vulnerability
PLEASE UPDATE YOUR PACKAGE TO v1.0.2
Special thanks to @alvaroqt who found this vulnerability, and reported it to me.
Every version up to v1.0.1 has a security vulnerability and is not save for production. PLEASE UPDATE YOUR PACKAGE TO v1.0.2
In versions up to v.1.0.1 only one router gets instantiated. Which means every public route is available on private routes and vice versa.
If you update your version to v1.0.2 every known security vulnerability is fixed and you are ready to use it as is. There are NO breaking changes in the current API, so you don't have to change anything in your code, except updating your current version of
express-routes-mapperto v1.0.2.