0.13.0 / 2016-07-30
This update fixes one security issue and one small bug fix. Upgrading is recommended.
Upgrade Instructions
If you're upgrading a previous API Umbrella version, you may upgrade the api-umbrella
package using your package manager.
Security
- Removed the configuration import/export tool from the admin: This import/export tool could have presented a security issue if admin accounts with limited privilege scopes existed. These less-privileged admins could have viewed all API backend configuration, including API backends outside of their scoped permissions (however, they would not have been able to change the API backend configuration). Since the import/export tool has not been maintained and has other bugs, it has been removed entirely. If you still have a need for this tool, please let us know. (#272)
Fixed
- Don't show the "Beta Analytics" checkbox by default: In the admin analytics interface, a "Beta Analytics" checkbox appeared in v0.12, but this should only be shown if the experimental Hadoop/Kylin-based analytics is actually enabled. (c606261)