isc_service_query() wrongly revealed the full database file spec
Feature request CORE-1091
(V.2.1) When the server is configured "DatabaseAccess = None",
isc_service_query()
would return the full database file path and name. It has been
corrected to return the database alias—one more argument in favour of making the use of database aliases
standard practice!
Any user could view the server log through the Services API
Feature request CORE-1148
This was a minor security vulnerability. Regular users are now blocked from retrieving the
server log using the Services API. Requests are explicitly checked to ensure that the authenticated
user is SYSDBA.