-
Don't expose a user's private token in the `/api/v3/user` API. · 727dff3fTimothy Andrew authored
- This would allow anyone with a personal access token (even a read-only token, once scopes are implemented) to escalate their access by obtaining the private token.
727dff3f
×