[ https://issues.apache.org/jira/browse/JCR-2646?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
angela resolved JCR-2646.
-------------------------

    Resolution: Fixed

> AccessControlManager#getEffectivePolicies(String) may expose AC content without proper permissions
> --------------------------------------------------------------------------------------------------
>
>                 Key: JCR-2646
>                 URL: https://issues.apache.org/jira/browse/JCR-2646
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>          Components: jackrabbit-core
>    Affects Versions: 2.0.0, 2.1.0
>            Reporter: angela
>            Assignee: angela
>            Priority: Minor
>             Fix For: 2.2.0
>
>
> The implementation of AccessControlManager#getEffectivePolicies(String) in
> the DefaultAccessManager only checks if the session is allowed
> to read AC content at the specified path. However the result may also include
> policies effective at absPath that should not be visible to the editing
> session (read_AC permissions denied e.g. at an ancestor node) and could not
> be read by the editing session by means of #getPolicies().

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
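
The check described in the issue, as an added example that is not part of the original message and is not Jackrabbit code: a simplified model in which effective policies are gathered from absPath and its ancestors. The class, the helper names, the paths and the policy names are hypothetical, and filtering per policy node is an assumption about one way to close the gap; the message does not say how the fix works.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Simplified model, not Jackrabbit code: paths, policy names and helpers are hypothetical.
public class EffectivePoliciesModel {
    // Constructed sample: node path -> name of the policy stored at that node.
    static final Map<String, String> POLICY_AT = Map.of(
            "/", "root-acl",
            "/content", "content-acl",
            "/content/site", "site-acl");

    // Constructed sample: the session may read AC content only here (denied at the ancestors).
    static final Set<String> READ_AC_GRANTED = Set.of("/content/site");

    static boolean canReadAc(String path) {
        return READ_AC_GRANTED.contains(path);
    }

    // absPath followed by each ancestor up to the root node.
    static List<String> selfAndAncestors(String absPath) {
        List<String> paths = new ArrayList<>();
        String p = absPath;
        while (!p.equals("/")) {
            paths.add(p);
            int cut = p.lastIndexOf('/');
            p = cut == 0 ? "/" : p.substring(0, cut);
        }
        paths.add("/");
        return paths;
    }

    // perPolicyCheck=false models the reported behaviour; true models the stricter filter.
    static List<String> effectivePolicies(String absPath, boolean perPolicyCheck) {
        if (!canReadAc(absPath)) {
            throw new SecurityException("READ_AC denied at " + absPath);
        }
        List<String> result = new ArrayList<>();
        for (String path : selfAndAncestors(absPath)) {
            String policy = POLICY_AT.get(path);
            // Stricter variant re-tests READ_AC at the node where each policy is stored.
            if (policy != null && (!perPolicyCheck || canReadAc(path))) {
                result.add(policy);
            }
        }
        return result;
    }

    public static void main(String[] args) {
        System.out.println("single check at absPath: " + effectivePolicies("/content/site", false));
        System.out.println("check per policy node:   " + effectivePolicies("/content/site", true));
    }
}
```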