-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: viewer-wicket-1.6.0
-
Fix Version/s: viewer-wicket-1.7.0
-
Component/s: Isis Viewer Wicket
-
Labels:None
Otherwise, an unauthorized user could:
a) discover (by constructing a URL) that an object exists, and
b) worse, could view the title of said object, which would leak information about the object's state even if the object's properties were not visible.