path: root/changelogs/unreleased/security-10-4-todo-api-reveals-sensitive-information.yml

---
title: Restrict Todo API mark_as_done endpoint to the user's todos only
merge_request:
author:
type: security