tolgee / tolgee-platform

Developer & translator friendly web-based localization platform
https://tolgee.io

chore: Endpoints outside public should be authenticated by default #2234

Closed JanCizmar closed 4 weeks ago

JanCizmar commented 1 month ago

While upgrading to Spring 3, I converted

.mvcMatchers("/api/**", "/v2/**").authenticated()

to

it.requestMatchers("/api/**", "/v2/**")

Forgetting to add the authenticated modifier.

However, there is no endpoint outside /v2/public or /api/public, so this causes no vulnerability. However, I am adding it back to force keeping all the public endpoints under /v2|api/public.
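The regression described in the comment above, next to the restored rule, as an added example that is not Tolgee's own code. The class name, the `authorizeHttpRequests` block, the public-path rule and the `anyRequest()` fallback are assumptions made for illustration; only the two matcher lines come from the comment.

```kotlin
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.web.SecurityFilterChain

// Hypothetical configuration class, not the project's actual one.
@Configuration
@EnableWebSecurity
class ExampleSecurityConfig {

  // Regressed form: the matcher is built, but the object it returns is
  // discarded, so no authorization rule is attached to /api/** or /v2/**.
  // Requests to those paths are then decided by whichever rule follows.
  private fun regressedRules(http: HttpSecurity) {
    http.authorizeHttpRequests {
      it.requestMatchers("/api/public/**", "/v2/public/**").permitAll()
      it.requestMatchers("/api/**", "/v2/**") // missing .authenticated()
      it.anyRequest().permitAll() // assumed fallback, for illustration
    }
  }

  // Restored form: everything under /api/** and /v2/** that was not
  // already matched by the public rule requires an authenticated caller.
  private fun fixedRules(http: HttpSecurity) {
    http.authorizeHttpRequests {
      it.requestMatchers("/api/public/**", "/v2/public/**").permitAll()
      it.requestMatchers("/api/**", "/v2/**").authenticated()
      it.anyRequest().permitAll() // assumed fallback, for illustration
    }
  }

  @Bean
  fun filterChain(http: HttpSecurity): SecurityFilterChain {
    fixedRules(http) // regressedRules is kept only for comparison
    return http.build()
  }
}
```

Rules are evaluated in declaration order, so the public matcher has to stay ahead of the broader `/api/**`, `/v2/**` rule for the public endpoints to remain reachable without credentials.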

github-actions[bot] commented 3 weeks ago

:tada: This PR is included in version 3.57.1 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket: