Security Advisory - 08/08/2018

[Taranveer Virk]

LoopBack Security Advisory (8/8/2018) => The default ACL for AccessToken model has security concerns. If the model is explicitly exposed as a REST API, anyone can create a token. By default, the model is PRIVATE and there is NO RISK. More details at https://loopback.io/doc/en/lb3/Security-advisory-08-08-2018.htmlhttps://loopback.io/doc/en/lb3/Security-advisory-08-08-2018.htmlhttps://loopback.io/doc/en/lb3/Security-advisory-08-08-2018.html