We have observed the below issues with the /atomfeed-console/apps API:
1. unnecessarily exposing credentials of all databases
2. exposed without any authentication
This is a critical issue that needs to be fixed ASAP.
For now we went ahead and stopped atomfeed-console service in all our qa, demo environments.
We need to communicate this to Bahmni Implementations and suggest the hack of stopping atomfeed-console for now, and see how to go about mitigating the issue.
Tech
1. AppController - change the method to return only an array of objects containing “appName”
2. HomePageCtrl.js - remove the console.log() statement
Updated atomfeed-console version to 1.1 in the bahmni-playbooks to get the latest atomfeed-console.rpm packaged with bahmni-installer. Pushed changes to master branch and cherry-picked the commit to release-0.91 and release-0.92. Below are the commit details:
master -> https://github.com/Bahmni/bahmni-playbooks/commit/2c92815ddbe9d91f2f86889a983e4eba8ff0d12a
release-0.92 -> https://github.com/Bahmni/bahmni-playbooks/commit/90ce6386a3473aca3a2cca615c827f8ad9613e55
release-0.91 -> https://github.com/Bahmni/bahmni-playbooks/commit/96647f6fb84fa8b0630750a36590b8749e4da285
Tested atomfeed-console version on product-qa03 (0.92) env and it has the latest version 1.1. The same needs to be tested for master (0.93) and 0.91.
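
A regression check for item 1 under "Tech", added here as an example and not taken from the atomfeed-console code base: it inspects a saved /atomfeed-console/apps response body and reports every field other than "appName". The sample bodies and the field names dbUrl, dbUser and dbPassword are constructed for illustration; the real pre-fix field names are not given in this ticket.

```python
import json

# Per the ticket, the fixed endpoint returns only objects containing "appName".
ALLOWED_KEYS = {"appName"}

# Constructed sample bodies (hypothetical field names and values).
BEFORE_FIX = ('[{"appName": "example-app-1", "dbUrl": "jdbc:example://db-host/app1", '
              '"dbUser": "example-user", "dbPassword": "example-password"}]')
AFTER_FIX = '[{"appName": "example-app-1"}, {"appName": "example-app-2"}]'


def find_unexpected_fields(body):
    """Return a list of findings for an /apps response body; empty means clean."""
    data = json.loads(body)
    if not isinstance(data, list):
        return ["$: expected a JSON array, got " + type(data).__name__]
    findings = []
    for i, entry in enumerate(data):
        if not isinstance(entry, dict):
            findings.append(f"$[{i}]: expected an object")
            continue
        if "appName" not in entry:
            findings.append(f"$[{i}]: missing appName")
        for key, value in entry.items():
            if key not in ALLOWED_KEYS:
                # Any extra field is a potential leak, whatever it is called.
                findings.append(f"$[{i}].{key}")
            elif not isinstance(value, str):
                # A nested object under appName could smuggle extra data.
                findings.append(f"$[{i}].{key}: expected a string")
    return findings


if __name__ == "__main__":
    for label, body in (("before fix", BEFORE_FIX), ("after fix", AFTER_FIX)):
        findings = find_unexpected_fields(body)
        print(label, "->", findings if findings else "only appName returned")
```

The check covers the response shape only; whether the endpoint answers without authentication has to be verified separately against each environment.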