[jira] [Updated] (JSPWIKI-1039) ACLs are not taken into account when cache is disabled

Harvey Echain (JIRA) Wed, 28 Feb 2018 03:31:19 -0800

     [ 
https://issues.apache.org/jira/browse/JSPWIKI-1039?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Harvey Echain updated JSPWIKI-1039:
-----------------------------------
    Security:     (was: Security Vulnerability Disclosure)

> ACLs are not taken into account when cache is disabled
> ------------------------------------------------------
>
>                 Key: JSPWIKI-1039
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-1039
>             Project: JSPWiki
>          Issue Type: Bug
>          Components: Authentication &amp; Authorization
>    Affects Versions: 2.10.2, 2.10.3
>            Reporter: Harvey Echain
>            Priority: Critical
>
> Just set jspwiki.usePageCache to false, and find out (by accident) that ACLs 
> are not taken into account anymore, leading to a major leak of information 
> from pages that were not supposed to be viewable.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (JSPWIKI-1039) ACLs are not taken into account when cache is disabled

Reply via email to