- π§πͺBelgium LOBsTerr
I think, it is ok to allow users to view a group, if we have invitation to it.
-
LOBsTerr β
committed 0aa28234 on 2.x
Issue #3293317 by LOBsTerr: Users cannot see the name of the Group that...
-
LOBsTerr β
committed 0aa28234 on 2.x
-
LOBsTerr β
committed 14ff4e95 on 3.0.x
Issue #3293317 by LOBsTerr: Users cannot see the name of the Group that...
-
LOBsTerr β
committed 14ff4e95 on 3.0.x
-
LOBsTerr β
committed a5d6651e on 4.0.x
Issue #3293317 by LOBsTerr: Users cannot see the name of the Group that...
-
LOBsTerr β
committed a5d6651e on 4.0.x
- Status changed to Fixed
9 months ago 10:45pm 2 October 2023 - ππΊHungary mxr576 Hungary
Since there is no tagged release with these changes, let me discuss it publicly here: I wonder if not bubbling up cacheability information from those invites that granted view/view label access to group could lead to information disclosure vulnerability when an invitation is deleted/revoked.
- ππΊHungary mxr576 Hungary
and that ticket is π Add cache tags for invitations, when we allow to see a group Active
Automatically closed - issue fixed for 2 weeks with no activity.