mirror of https://github.com/sct/overseerr.git
synced 2025-12-27 00:34:56 +01:00
By default, the jellyfinAuthToken of every user was always retrieved from the database, and sometimes sent back to the client. Any logged-in user could retrieve this token via a request containing admin user information, and use it to gain full access to Jellyfin. This PR removes the auth token and the device ID from the fields selected by default by TypeORM.
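The following is an added example, not code from Overseerr or TypeORM: a small TypeScript model of default column selection, where sensitive columns are left out unless the caller asks for them, plus a check that walks a response body for those columns. The field name `jellyfinDeviceId`, the helper names and the sample payload are assumptions made for illustration.

```typescript
// Added example: a simplified model, not TypeORM or Overseerr code.
type ColumnMeta = { name: string; select: boolean };
type Row = Record<string, unknown>;

// Column metadata modelled on a per-column "selected by default" flag.
// `jellyfinDeviceId` is an assumed name; the page only says "device ID".
const USER_COLUMNS: ColumnMeta[] = [
  { name: "id", select: true },
  { name: "displayName", select: true },
  { name: "jellyfinAuthToken", select: false },
  { name: "jellyfinDeviceId", select: false },
];

// Return the columns a default query yields; a hidden column is included
// only when the caller names it explicitly in `addSelect`.
function project(row: Row, columns: ColumnMeta[], addSelect: string[] = []): Row {
  const out: Row = {};
  for (const col of columns) {
    const wanted = col.select || addSelect.indexOf(col.name) !== -1;
    if (wanted && col.name in row) out[col.name] = row[col.name];
  }
  return out;
}

// Regression guard: walk a response body (nested objects and arrays) and
// return the path of every hidden column that still appears in it.
function findLeaks(body: unknown, columns: ColumnMeta[], path = "$"): string[] {
  const leaks: string[] = [];
  if (body === null || typeof body !== "object") return leaks;
  const hidden = columns.filter((c) => !c.select).map((c) => c.name);
  const isArray = Array.isArray(body);
  const obj = body as Row;
  for (const key of Object.keys(obj)) {
    const here = isArray ? `${path}[${key}]` : `${path}.${key}`;
    if (!isArray && hidden.indexOf(key) !== -1) leaks.push(here);
    else leaks.push(...findLeaks(obj[key], columns, here));
  }
  return leaks;
}

// Constructed sample: a request payload that embeds the admin's user row.
const ADMIN_ROW: Row = { id: 1, displayName: "admin",
  jellyfinAuthToken: "constructed-token", jellyfinDeviceId: "constructed-device" };

function demo(): { before: string[]; after: string[] } {
  const before = { results: [{ id: 7, requestedBy: ADMIN_ROW }] };
  const after = { results: [{ id: 7, requestedBy: project(ADMIN_ROW, USER_COLUMNS) }] };
  return { before: findLeaks(before, USER_COLUMNS), after: findLeaks(after, USER_COLUMNS) };
}
```

Running `findLeaks` over recorded API responses in a test suite catches a hidden column that reappears through a nested user object.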