Security Concern: Unprotected Direct Download Links

[orlroc]

Hello everyone,

I have a security-related question regarding Zealot. I’ve noticed that links in the format /release/7 allow direct downloading of files without requiring authentication, unlike channel-based downloads that are password-protected.

This could potentially allow unauthorized users to download private application versions by simply guessing release numbers.

Is there a way to restrict downloads on these direct links, either by enforcing password protection or another authentication mechanism?

Thanks in advance for your help!

[icyleaf]

Thank you for reporting this issue. I will temporarily fix it as soon as possible. We will consider addressing the issue of the obviously guessable ID later.