[ 
https://issues.apache.org/jira/browse/JSPWIKI-1039?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Harvey Echain updated JSPWIKI-1039:
-----------------------------------
    Security:     (was: Security Vulnerability Disclosure)

> ACLs are not taken into account when cache is disabled
> ------------------------------------------------------
>
>                 Key: JSPWIKI-1039
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-1039
>             Project: JSPWiki
>          Issue Type: Bug
>          Components: Authentication & Authorization
>    Affects Versions: 2.10.2, 2.10.3
>            Reporter: Harvey Echain
>            Priority: Critical
>
> Just set jspwiki.usePageCache to false, and find out (by accident) that ACLs 
> are not taken into account anymore, leading to a major leak of information 
> from pages that were not supposed to be viewable.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to