## Overview
Some end users of OpenFGA v1.3.0 or earlier are vulnerable to authorization bypass when calling the ListObjects API. UPDATE: This means that the API sometimes returns more objects than it should.

## Am I Affected?

The vulnerability affects customers using `ListObjects` with specific models. The affected models contain expressions of type `rel1 from type1`.

## Fix
Update to v1.3.1.

## Backward Compatibility
This update is backward compatible.Read More