php · jleehr/canto-saas-api · Heads-up
jleehr/canto-saas-api: OAuth2 token request now uses form-encoded POST body, exception messages sanitized
What changed
OAuth2 token request now sends credentials in form-encoded POST body instead of URL query parameters; exception messages are sanitized to mask secrets.
Who it affects
All users of jleehr/canto-saas-api versions prior to 3.0.0 who perform OAuth2 token requests.
What to do today
Upgrade to version 3.0.0 or apply workarounds: restrict access to logs and sanitize exception messages.
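One way to apply the "sanitize exception messages" workaround before anything reaches a log, as an added example that is not code from jleehr/canto-saas-api. The parameter names, the `maskSecrets` and `describeSafely` helpers, the placeholder host and the sample message are assumptions constructed for illustration; it assumes the secret shows up as `name=value` text inside the exception message.

```php
<?php
declare(strict_types=1);

// Assumed names of parameters that carry secrets; adjust to what your token request sends.
const SENSITIVE_PARAMS = ['app_secret', 'client_secret', 'access_token', 'refresh_token', 'code'];

/**
 * Mask the value of every sensitive parameter that appears as name=value
 * in a string (URL query strings, form bodies echoed into error text).
 */
function maskSecrets(string $text, array $params = SENSITIVE_PARAMS): string
{
    $names = implode('|', array_map(static fn (string $p): string => preg_quote($p, '/'), $params));
    // Keep the parameter name, replace everything up to the next delimiter.
    $masked = preg_replace('/\b(' . $names . ')=[^&\s"\'<>#`]*/i', '$1=***', $text);
    // preg_replace() returns null on failure; never fall back to the raw text.
    return $masked ?? '[message withheld: sanitizer failed]';
}

/**
 * Build a log-safe description of an exception chain. Previous exceptions are
 * walked too, because a wrapped HTTP client error can embed the request URL.
 */
function describeSafely(\Throwable $e): string
{
    $parts = [];
    for ($cur = $e; $cur !== null; $cur = $cur->getPrevious()) {
        $parts[] = get_class($cur) . ': ' . maskSecrets($cur->getMessage());
    }
    return implode(' <- ', $parts);
}

// Constructed sample: a message shaped like one a query-string token request could produce.
$inner = new \RuntimeException(
    'Client error: `POST https://oauth.example.test/oauth2/token'
    . '?app_id=abc123&app_secret=s3cr3t-value&grant_type=client_credentials`'
    . ' resulted in a `401 Unauthorized` response'
);
$outer = new \RuntimeException('Token request failed', 0, $inner);

// Log only the sanitized description, never $e->getMessage() or the trace directly.
error_log(describeSafely($outer));
```

Masking at the logging boundary does not cover web server or proxy access logs that record the request URL, which is why restricting log access is listed alongside it.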