[#ZBXNEXT-6387] Limit access to session

[ZBXNEXT-6387] Limit access to session_key from settings.get Created: 2020 Oct 21 Updated: 2024 Apr 10 Resolved: 2020 Dec 14
Status:	Closed
Project:	ZABBIX FEATURE REQUESTS
Component/s:	API (A), Documentation (D)
Affects Version/s:	None
Fix Version/s:	5.2.3rc1, 5.4.0alpha1, 5.4 (plan)

Type:

New Feature Request

Priority:

Major

Reporter:

Valdis Murzins

Assignee:

Roberts Lataria (Inactive)

Resolution:

Fixed

Votes:

Labels:

cookie, security

Remaining Estimate:

Not Specified

Time Spent:

Not Specified

Original Estimate:

Not Specified

Attachments:

Selection_020.png

Issue Links:

Causes
caused by	~~ZBX-18799~~	PHP fatal error happens if working wi...	Closed

Team:

Team D

Sprint:

Sprint 71 (Dec 2020)

Story Points:

0.25

Description

It should not be possible to retrieve session_key by just using settings.get or settings.getglobal.
This option should be returned in these requests, only if these requests are done from frontend.

Comments

Comment by Roberts Lataria (Inactive) [ 2020 Dec 02 ]

Fixed in:

5.2.3rc1 086358a6668, e02d5b45d87
5.4.0alpha1 (master) 785bafcddaa, 144e9caac7b

Updated documentation:

Settings object: 5.2, 5.4 (session_key removed)
settings.get: 5.2, 5.4 (example updated)
settings.getglobal: 5.2 (added note about method removed in 5.2.3)
settings.getglobal: all page removed in 5.4
API changes: 5.2

Generated at Wed Apr 02 13:55:54 EEST 2025 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.

[ZBXNEXT-6387] Limit access to session_key from settings.get Created: 2020 Oct 21 Updated: 2024 Apr 10 Resolved: 2020 Dec 14