ghost

mirror of https://github.com/TryGhost/Ghost.git synced 2025-02-10 23:36:14 -05:00

History

Fabien O'Carroll b3f66c6c91 Blacklisted private member settings for HTTP calls no-issue Previously it was possible to fetch the private key and session secret for the members service, this is a security issue as we do not have specific permissions for individual settings yet, and could have possibly exposed secrets to admin integrations.		2019-04-16 14:39:01 +02:00
..
client@301edd095f	Updated Ghost-Admin to 2.20.0	2019-04-16 16:42:31 +05:30
server	Blacklisted private member settings for HTTP calls	2019-04-16 14:39:01 +02:00
test	🐛 Disallowed locked/suspended users from being made owner via the API (#10647 )	2019-04-16 10:30:29 +01:00
index.js	Changed where we trigger server start/stop announcement (#9815 )	2018-08-22 13:28:31 +02:00