-
Type:
Bug
-
Status: Resolved
-
Priority:
Critical
-
Resolution: Fixed
-
Affects Version/s: 2.10.2, 2.10.3
-
Fix Version/s: 2.10.4
-
Component/s: Authentication & Authorization
-
Labels:None
Just set jspwiki.usePageCache to false, and find out (by accident) that ACLs are not taken into account anymore, leading to a major leak of information from pages that were not supposed to be viewable.
- duplicates
-
JSPWIKI-1067 View-only ACLs are not enforced
-
- Resolved
-
- is duplicated by
-
JSPWIKI-1047 Access Control Lists do not work if page cache is deactivated
-
- Resolved
-