Mercurial > hg > orthanc-authorization
comparison NEWS @ 77:94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
author | Alain Mazy <am@osimis.io> |
---|---|
date | Wed, 15 Mar 2023 16:36:42 +0100 |
parents | aa73b10c2db9 |
children | 9194a65254d4 |
comparison
equal
deleted
inserted
replaced
76:d301047ee3c4 | 77:94a9484d7f8f |
---|---|
5 define the new "WebServiceUserProfileUrl" configuration. | 5 define the new "WebServiceUserProfileUrl" configuration. |
6 * new "orthanc-explorer-2" StandardConfigurations | 6 * new "orthanc-explorer-2" StandardConfigurations |
7 * new GET "auth/user/profile" Rest API route to retrieve user permissions | 7 * new GET "auth/user/profile" Rest API route to retrieve user permissions |
8 * new PUT "auth/tokens/{token-type}" Rest API route to create tokens | 8 * new PUT "auth/tokens/{token-type}" Rest API route to create tokens |
9 * new POST "auth/tokens/decode" Rest API route to decode tokens | 9 * new POST "auth/tokens/decode" Rest API route to decode tokens |
10 * SECURITY FIX: in prior versions, it was possible to browse remote | |
11 dicom-web servers without being authenticated. (The API routes | |
12 /dicom-web/servers/.../studies were unprotected). The local | |
13 dicom-web server was correctly protected. | |
10 | 14 |
11 | 15 |
12 2022-11-16 - v 0.4.1 | 16 2022-11-16 - v 0.4.1 |
13 ==================== | 17 ==================== |
14 | 18 |