[
https://jira.nuxeo.org/browse/NXP-6003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Julien Carsique updated NXP-6003:
---------------------------------
Fix Version/s: 5.4.0.1
> incorrect security check in export restlet when Anonymous is enabled
> --------------------------------------------------------------------
>
> Key: NXP-6003
> URL: https://jira.nuxeo.org/browse/NXP-6003
> Project: Nuxeo Enterprise Platform
> Issue Type: Bug
> Components: Web API (REST or WS*)
> Affects Versions: 5.4
> Reporter: Stéphane Lacoin
> Assignee: Stéphane Lacoin
> Priority: Major
> Fix For: 5.4.0.1, 5.4.1
>
> Original Estimate: 0 minutes
> Remaining Estimate: 0 minutes
>
> Once authenticated, users that have no rights to access the exported root
> document get access to the content.
> This can be put easily in evidence by
> * creating a document note using the administrator account
> * exporting the document note using an anonymous access
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.nuxeo.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
ECM-tickets mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm-tickets
