[JCR-3858] NodeIterator.getSize(): compatibility with Jackrabbit 2.5 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.6.2, 2.7
Fix Version/s: None
Component/s: None
Labels:
None

Description

In Jackrabbit 2.5 and older, the query result set (NodeIterator.getSize()) was an estimation that sometimes included nodes that are not visible for the current user.

This is a possible security problem. The behavior was changed (and the security problem fixed) in ~~JCR-3402~~. However, this is an incompatibility with Jackrabbit 2.5.

I suggest to make this configurable in workspace.xml / repository.xml (or a system property, if that turns out to be too complicated). The default is the current (secure) behavior, with the option to use the old variant.

Attachments

Activity

People

Assignee:: Thomas Mueller

Reporter:: Thomas Mueller

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 11/Mar/15 08:44

Updated:: 18/Dec/19 12:39

Resolved:: 17/Mar/15 14:51