Mercurial > hg > orthanc-authorization
diff NEWS @ 77:94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
author | Alain Mazy <am@osimis.io> |
---|---|
date | Wed, 15 Mar 2023 16:36:42 +0100 |
parents | aa73b10c2db9 |
children | 9194a65254d4 |
--- a/NEWS Thu Mar 09 14:37:52 2023 +0100 +++ b/NEWS Wed Mar 15 16:36:42 2023 +0100 @@ -7,6 +7,10 @@ * new GET "auth/user/profile" Rest API route to retrieve user permissions * new PUT "auth/tokens/{token-type}" Rest API route to create tokens * new POST "auth/tokens/decode" Rest API route to decode tokens +* SECURITY FIX: in prior versions, it was possible to browse remote + dicom-web servers without being authenticated. (The API routes + /dicom-web/servers/.../studies were unprotected). The local + dicom-web server was correctly protected. 2022-11-16 - v 0.4.1
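Review bot: In the added SECURITY FIX entry, "in prior versions" does not say which releases are affected, and the parenthetical names only /dicom-web/servers/.../studies, so a reader cannot tell whether other routes under /dicom-web/servers/ were also reachable without authentication. Suggest stating the affected range explicitly (for example "all versions up to and including 0.4.1", if that is the case), spelling out the route pattern that is now protected, and moving the entry to the top of the section so it does not read as one more bullet after the new auth/tokens routes.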