mirror of https://github.com/status-im/consul.git
3 lines
378 B
Plaintext
```release-note:security
auto-config: Added input validation for auto-config JWT authorization checks. Prior to this change, it was possible for malicious actors to construct requests that incorrectly pass custom JWT claim validation for the `AutoConfig.InitialConfiguration` endpoint. Now, only a subset of characters is allowed in the input before the bexpr is evaluated.
```