Revision properties are now checked for read access during propedits. This is done by making a GET subrequest to each of the changed paths in that revision. GETs are always checked for read access only. This enables anyone with ONLY read access to a path edit the log message for a revision that modified that path. The attached patch special cases these subrequests by checking for write access for all GET requests except if they are subrequests of PROPFIND or REPORT (in which case they are checked for read access).
Original issue reported by arwin