Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Postpone deprecation of unauthenticated access to Badge API #4502

Merged
merged 1 commit into from
Jan 5, 2025
Merged

Postpone deprecation of unauthenticated access to Badge API #4502

merged 1 commit into from
Jan 5, 2025

Conversation

SaberStrat
Copy link

Remove deprecation notice for unauthenticated access to the Badge API, as the use of API keys for authenticated access comes with risks too that the maintainer of the DT instance has to weigh against the use of unauthenticated access which does not use API keys.

Description

Addressed Issue

Closes #4500

Additional Details

Checklist

  • I have read and understand the contributing guidelines
  • This PR fixes a defect, and I have provided tests to verify that the fix is effective
  • This PR implements an enhancement, and I have provided tests to verify that it works as intended
  • This PR introduces changes to the database model, and I have added corresponding update logic
  • This PR introduces new or alters existing behavior, and I have updated the documentation accordingly

Remove deprecation notice and inform of risks
fce3825 
Remove deprecation notice for unauthenticated access to the Badge API,
as the use of API keys for authenticated access comes with risks too
that the maintainer of the DT instance has to weigh against the use of
unauthenticated access which does not use API keys.

Signed-off-by: Kirill.Sybin <[email protected]>
@nscuro nscuro added the documentation Improvements or additions to documentation label Jan 3, 2025
@nscuro nscuro added this to the 4.13 milestone Jan 3, 2025
nscuro
nscuro approved these changes Jan 3, 2025
View reviewed changes
Copy link
Member

@nscuro nscuro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense. Once we have a more appropriate solution (#4227) we can remove the API key authentication completely again.

@nscuro
Copy link
Member

nscuro commented Jan 3, 2025

@SaberStrat Did you mean to make more changes? If not, please change the PR to ready for review.

@SaberStrat SaberStrat marked this pull request as ready for review January 3, 2025 21:23
@SaberStrat
Copy link
Author

Thanks for the review!

I just wanted to create a corresponding issue and PR for the frontend first to have everything ready, but just for organization's sake. Both should be done for the targeted release though. The order in which these two are merged in their corresponding repos doesn't really matter of course.

Here's the frontend issue: DependencyTrack/frontend#1127. Will try to create the PR later today or tomorrow.

@nscuro nscuro merged commit 70bf978 into DependencyTrack:master Jan 5, 2025
5 checks passed
@SaberStrat SaberStrat deleted the feature/postpone-deprecation-of-unauthenticated-badges branch January 6, 2025 16:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nscuro nscuro nscuro approved these changes

Assignees
No one assigned
Labels
documentation Improvements or additions to documentation
Projects
None yet
Milestone
4.13
Development

Successfully merging this pull request may close these issues.

Postpone deprecation of unauthenticated access to Badge API
2 participants
@SaberStrat @nscuro