-
Bug
-
Resolution: Fixed
-
Neutral
-
None
-
None
-
None
The current web access rule should be revised:
- DENY /.rest*
- DENY /.rest/command
- GET&POST /.rest/repositories*
should be:
- DENY /.rest*
- DENY /.rest/commands (add 's')
- DENY /.rest/repositories* (deny access to endpoint by default)
- GET&POST /.rest/repositories/v1/website* (to prevent access to other workspaces by default)
Acceptance criteria