Student Success Plan
  1. Student Success Plan
  2. SSP-1917

Confidentiality filters on student document list APIs not enforced

    Details

      Description

      Confidentiality Level filters are not being applied to the GET /ssp/api/1/person/<person-uuid>/studentdocument API.

        Activity

        Hide
        Dan McCallum added a comment -

        The 2.0.1 patch is 48f0b7c429bb1d41477b8a50bec968a3e39e181d

        The 2.1.0 patch is a527826ff201664e9a2dee15fdc0329cc9ad002c

        Tags are available with this fix only for the two released versions which are affected:

        2.0.0: https://github.com/Jasig/SSP/tree/ssp-2.0.0-sd-conf-levels

        2.0.0-b3: https://github.com/Jasig/SSP/tree/ssp-2.0.0-b3-sd-conf-levels

        Show
        Dan McCallum added a comment - The 2.0.1 patch is 48f0b7c429bb1d41477b8a50bec968a3e39e181d The 2.1.0 patch is a527826ff201664e9a2dee15fdc0329cc9ad002c Tags are available with this fix only for the two released versions which are affected: 2.0.0: https://github.com/Jasig/SSP/tree/ssp-2.0.0-sd-conf-levels 2.0.0-b3: https://github.com/Jasig/SSP/tree/ssp-2.0.0-b3-sd-conf-levels
        Show
        Dan McCallum added a comment - See the security advisory at: http://jasig.275507.n4.nabble.com/SSP-SECURITY-ADVISORY-Unenforced-Student-Documents-Confidentiality-Level-Visibility-Rules-tp4661317.html

          People

          • Assignee:
            Dan McCallum
            Reporter:
            Dan McCallum
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: