[
https://issues.apache.org/jira/browse/JSPWIKI-1039?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16420898#comment-16420898
]
ASF subversion and git services commented on JSPWIKI-1039:
----------------------------------------------------------
Commit 28489c5c43a8cfa74fc4aa1ac669daa9b67d37b5 in jspwiki's branch
refs/heads/master from juanpablo
[ https://gitbox.apache.org/repos/asf?p=jspwiki.git;h=28489c5 ]
JSPWIKI-1039 / JSPWIKI-1067: ACLs are not taken into account when cache is
disabled / View-only ACLs are not enforced
> ACLs are not taken into account when cache is disabled
> ------------------------------------------------------
>
> Key: JSPWIKI-1039
> URL: https://issues.apache.org/jira/browse/JSPWIKI-1039
> Project: JSPWiki
> Issue Type: Bug
> Components: Authentication & Authorization
> Affects Versions: 2.10.2, 2.10.3
> Reporter: Harvey Echain
> Priority: Critical
>
> Just set jspwiki.usePageCache to false, and find out (by accident) that ACLs
> are not taken into account anymore, leading to a major leak of information
> from pages that were not supposed to be viewable.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
