sonatype-nexus-community / codetocloud-workshop

WebSecurityConfig.java Permits All? #38

Open tbmorris449 opened 1 year ago

tbmorris449 commented 1 year ago

Perhaps I am misreading due to being unfamiliar with Java. But it looks like the security policy for the request config is doing permit all as a default. Probably not a good idea.

eddie-knight commented 1 year ago

Brilliant catch. We'll need to switch this to deny all by default, but it'll require us knowing every acceptance in detail.
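
A sketch of the deny-by-default policy discussed in this thread, added here as an illustration and not taken from the workshop repository. It assumes Spring Security 6 (lambda DSL with `requestMatchers`); every route pattern below is a hypothetical placeholder for the routes the application actually needs to accept.

```java
import static org.springframework.security.config.Customizer.withDefaults;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig {

    // Permit-all default, the pattern the issue describes. Any route that is
    // not matched by an earlier, stricter rule is served without authentication:
    //
    //   http.authorizeHttpRequests(auth -> auth.anyRequest().permitAll());

    // Deny-all default. Rules are evaluated in order and the first match wins,
    // so the catch-all must come last.
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // Hypothetical public routes: landing page, login, static assets.
                .requestMatchers("/", "/login", "/css/**").permitAll()
                // Hypothetical routes that require a logged-in user.
                .requestMatchers("/api/**").authenticated()
                // Anything not enumerated above is refused, even for
                // authenticated users, so a newly added controller stays
                // unreachable until someone writes a rule for it.
                .anyRequest().denyAll())
            .formLogin(withDefaults());
        return http.build();
    }
}
```

Building the allowlist is the inventory work mentioned in the last comment: each route the application must serve needs its own explicit rule before the catch-all is switched to `denyAll()`.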