diff NEWS @ 77:94a9484d7f8f

fix security issues allowing to browse remote dicom servers + introduced UnitTests
author Alain Mazy <am@osimis.io>
date Wed, 15 Mar 2023 16:36:42 +0100
parents aa73b10c2db9
children 9194a65254d4
--- a/NEWS	Thu Mar 09 14:37:52 2023 +0100
+++ b/NEWS	Wed Mar 15 16:36:42 2023 +0100
@@ -7,6 +7,10 @@
 * new GET "auth/user/profile" Rest API route to retrieve user permissions
 * new PUT "auth/tokens/{token-type}" Rest API route to create tokens
 * new POST "auth/tokens/decode" Rest API route to decode tokens
+* SECURITY FIX: in prior versions, it was possible to browse remote
+  dicom-web servers without being authenticated.  (The API routes
+  /dicom-web/servers/.../studies were unprotected).  The local
+  dicom-web server was correctly protected.
 
 
 2022-11-16 - v 0.4.1
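Review bot: The SECURITY FIX entry added after the "auth/tokens/decode" line says only "in prior versions", so a reader cannot tell which releases are affected or which release carries the fix; name the affected version range and the fixed version in the entry itself. It would also help to state whether only the /dicom-web/servers/.../studies routes were unprotected or every route under /dicom-web/servers/, and to place the entry first in the list so it is not read as one more feature bullet. Because the exposure required no authentication, consider adding a line advising operators to review access logs for unauthenticated requests to those routes after upgrading.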