diff options
author | Bryan Newbold <bnewbold@robocracy.org> | 2019-04-09 22:20:33 -0700 |
---|---|---|
committer | Bryan Newbold <bnewbold@robocracy.org> | 2019-04-09 22:20:33 -0700 |
commit | c2f399df663e2fffd5bdb0aeede9e23c056af435 (patch) | |
tree | bb33db5ba848235691c28beb9ee7d32f45360b3b | |
parent | a9caaafadb6f4018ca370ebc9132294e80439df9 (diff) | |
download | fatcat-c2f399df663e2fffd5bdb0aeede9e23c056af435.tar.gz fatcat-c2f399df663e2fffd5bdb0aeede9e23c056af435.zip |
add CHANGELOG entry about api_key issue
-rw-r--r-- | CHANGELOG.md | 9 | ||||
-rwxr-xr-x | python_client/codegen_python_client.sh | 1 |
2 files changed, 10 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 130004d4..2cf4556e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,15 @@ See also: ## [Unreleased] +### Fixed + +- fixed major authn/authz bug with fatcat python client which leaked API tokens + between API client handles. Almost all tests/webfact/etc were potentially + running with the privileged (superuser) webface-bot privileges. Yikes! +- API `get_editgroup_annotations` endpoint was requiring auth; this was a typo. + Going to call this a very minor/backwards-compatible API change and not do a + minor version bump for it. + ## [0.2.1] - 2019-04-09 No API or SQL schema changes in this release. Macaroon generation and diff --git a/python_client/codegen_python_client.sh b/python_client/codegen_python_client.sh index 35126ad3..928c9e6b 100755 --- a/python_client/codegen_python_client.sh +++ b/python_client/codegen_python_client.sh @@ -48,6 +48,7 @@ END_PATCH # I don't know what they were thinking with this TypeWithDefault stuff, but it # caused really gnarly config cross-contamination issues when running mulitple # clients in parallel. +# See also: https://github.com/swagger-api/swagger-codegen/issues/9117 patch -p0 << END_PATCH --- fatcat_client/configuration.py +++ fatcat_client/configuration.py |