chore(release-note): Fix bug when a token is given public only
parent
a052d2b602
commit
9b63e3e88d
1 changed files with 1 additions and 0 deletions
1
release-notes/5515.md
Normal file
@ -0,0 +1 @@
**Fixing this bug is a breaking change because existing tokens with a public scope will no longer return private resources. They have to be deleted and re-created without the public scope to restore their original behavior**. The public scope of an application token does not filter out private repositories, organizations or packages in some cases. This scope is not the default, it has to be manually set via the web UI or the API. When the public scope is explicitly added to an application token that is allowed to list the repositories and packages of a user or an organization, it is meant as a restriction. For instance if a user has two repositories, one private and the other publicly visible, a token with the public scope used with the API endpoint listing the repositories that belong to this user must only return the publicly visible one and not reveal the existence of the private one.
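Review bot: The added line in release-notes/5515.md says the public scope fails to filter out private repositories, organizations or packages "in some cases" but never names those cases, so an operator reading the note cannot tell which tokens or API endpoints revealed private resources before the fix. Consider naming the affected endpoints, or pointing to the change that lists them. The bolded breaking-change sentence also comes before the description of the bug it refers to and is missing its final period; describing the bug first and then the upgrade action (delete the token and re-create it without the public scope) would read more clearly.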