Hello there 
We have released a new version with a security fix.
Please be sure to update Strapi to the latest version with the sanitization issues fixed 
Take care and stay tuned for more updates!
3 Likes
I’d be interested to know if there’s a feature request to change how model data works by default?
It’s quite easy to miss a sanitize function like this and it is also pretty dangerous to do so given it can leak all sorts of user info. Would changing the approach to be secure by default unless you request extra info make more sense? I realize this is an interface change, but for the sake of security feels like it might be a good one.
@IPWright83 it might be better to move this to a discussion 
Just so we aren’t carrying on a conversation in a release thread