Closed JanCizmar closed 4 weeks ago
While upgrading to Spring 3, I converted
.mvcMatchers("/api/**", "/v2/**").authenticated()
to
it.requestMatchers("/api/**", "/v2/**")
Forgetting to add the authenticated modifier.
authenticated
However, there is no endpoint outside /v2/public or /api/public, so this is causes no vulnerability. However, I am adding it back to force keeping all the public endpoints under /v2|api/public
/v2/public
/api/public
/v2|api/public
:tada: This PR is included in version 3.57.1 :tada:
The release is available on GitHub release
Your semantic-release bot :package::rocket:
While upgrading to Spring 3, I converted
to
Forgetting to add the
authenticated
modifier.However, there is no endpoint outside
/v2/public
or/api/public
, so this is causes no vulnerability. However, I am adding it back to force keeping all the public endpoints under/v2|api/public