memos

History

memoclaw 9d3a74bccc fix(api): make credentials write-only and restrict sensitive settings to admins Security fixes for credential leakage across three resources: - NOTIFICATION setting: restrict GetInstanceSetting to admin-only (was publicly accessible, exposing SMTP credentials) - SMTP password: never return SmtpPassword in API responses (write-only) - S3 secret: never return AccessKeySecret in API responses (write-only) - OAuth2 ClientSecret: never return in API responses for any role (was previously returned to admins); remove redactIdentityProviderResponse in favor of omitting the field at the conversion layer - Preserve-on-empty: when updating settings with an empty credential field, preserve the existing stored value instead of overwriting (applies to SmtpPassword, AccessKeySecret, and ClientSecret) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-29 07:34:00 +08:00
..
v1	fix(api): make credentials write-only and restrict sensitive settings to admins	2026-03-29 07:34:00 +08:00

memoclaw 9d3a74bccc fix(api): make credentials write-only and restrict sensitive settings to admins

Security fixes for credential leakage across three resources:

- NOTIFICATION setting: restrict GetInstanceSetting to admin-only
  (was publicly accessible, exposing SMTP credentials)
- SMTP password: never return SmtpPassword in API responses (write-only)
- S3 secret: never return AccessKeySecret in API responses (write-only)
- OAuth2 ClientSecret: never return in API responses for any role
  (was previously returned to admins); remove redactIdentityProviderResponse
  in favor of omitting the field at the conversion layer
- Preserve-on-empty: when updating settings with an empty credential
  field, preserve the existing stored value instead of overwriting
  (applies to SmtpPassword, AccessKeySecret, and ClientSecret)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-29 07:34:00 +08:00

fix(api): make credentials write-only and restrict sensitive settings to admins

2026-03-29 07:34:00 +08:00