Closed
Hi,
I would like to confirm whether access to the endpoint /api/schemas/history/[schemaId] is intended to be publicly accessible.
Currently, it appears that while endpoints like /api/schemas/[id] are protected and require appropriate permissions, the /api/schemas/history/[schemaId] endpoint returns schema history data without any authentication or permission checks — as long as a valid schemaId is provided.
Could you please clarify whether this behavior is by design? If not, this may represent an unintended information disclosure vulnerability.
Thanks!
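
A regression check for the inconsistency reported above, as an added example that is not part of the original issue or the project's code: it sends an anonymous request to every route under /api/schemas/ and lists the ones that still answer 2xx. The handlers, the `requireSchemaRead` guard, the `readableSchemas` field and the sample ids are hypothetical stand-ins.

```javascript
// Added example: all names below are hypothetical, not the project's API.

// Guard wrapper: rejects before the handler runs unless the caller is
// signed in and allowed to read the requested schema.
function requireSchemaRead(handler) {
  return (req) => {
    const id = req.params.schemaId ?? req.params.id;
    if (!req.user) {
      return { status: 401, body: { error: "authentication required" } };
    }
    if (!req.user.readableSchemas.includes(id)) {
      return { status: 403, body: { error: "forbidden" } };
    }
    return handler(req);
  };
}

// Constructed stand-ins for the two handlers named in the issue.
const getSchema = (req) => ({ status: 200, body: { id: req.params.id } });
const getSchemaHistory = (req) => ({
  status: 200,
  body: { schemaId: req.params.schemaId, history: ["v1", "v2"] },
});

// Route table as the issue describes it: only the history route lacks the guard.
const routesAsReported = {
  "/api/schemas/[id]": requireSchemaRead(getSchema),
  "/api/schemas/history/[schemaId]": getSchemaHistory,
};

// Same table with the history route behind the same guard.
const routesFixed = {
  ...routesAsReported,
  "/api/schemas/history/[schemaId]": requireSchemaRead(getSchemaHistory),
};

// Audit: which routes under `prefix` return 2xx to a request with no user?
function anonymouslyReadable(routes, prefix, sampleId) {
  return Object.entries(routes)
    .filter(([path]) => path.startsWith(prefix))
    .filter(([, handler]) => {
      const res = handler({ user: null, params: { id: sampleId, schemaId: sampleId } });
      return res.status >= 200 && res.status < 300;
    })
    .map(([path]) => path);
}
```

Run in CI against the real route table, a check of this shape fails as soon as a new route under the protected prefix ships without its guard.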