From 8b60a195771ee4d804463782b8c0e8a594336486 Mon Sep 17 00:00:00 2001
From: jvoisin <julien.voisin@dustri.org>
Date: Thu, 29 Oct 2020 14:03:18 +0100
Subject: [PATCH] Don't leak to non-admin users the current installed version

---
 cps/admin.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/cps/admin.py b/cps/admin.py
index f708fb0d..c0d1f39c 100644
--- a/cps/admin.py
+++ b/cps/admin.py
@@ -1029,7 +1029,8 @@ def send_logfile(logtype):
 
 
 @admi.route("/get_update_status", methods=['GET'])
-@login_required_if_no_ano
+@login_required
+@admin_required
 def get_update_status():
     log.info(u"Update status requested")
     return updater_thread.get_available_updates(request.method, locale=get_locale())