Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Blocker
Fix Version/s: 4.0.0.Alpha3, 3.7.4.Final, 3.8.0.Final
Affects Version/s: 3.4.0.Final, 3.5.0.Final, 3.6.0.Final, 3.6.1.Final, 3.7.0.Final, 3.7.1.Final, 3.7.2.Final, 4.0.0.Alpha2, 3.7.3.Final
Component/s: JCR
Labels:
None

Git Pull Request:
https://github.com/ModeShape/modeshape/pull/1120

The Session.getNodeByIdentifier(String) method and the deprecated Session.getNodeByUUID(String) method do not check ACLs. This is not a problem when a repository does not use ACLs, but when it does these methods provide a security hole.

is related to

MODE-2211 Simplify ACL checks and make them more efficient

Resolved

Assignee:: Randall Hauch (Inactive)

Reporter:: Randall Hauch (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2014/05/15 5:14 PM

Updated:: 2014/05/19 2:22 PM

Resolved:: 2014/05/16 12:48 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates