[
https://issues.apache.org/jira/browse/SLING-10281?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17364265#comment-17364265
]
Bertrand Delacretaz commented on SLING-10281:
---------------------------------------------
Thanks for the info. Looking at PR #14 I think there's one comment from
@anchela that we haven't addressed so far:
{quote}
this is still a major change that might lead to regressions for those cases
that don't yet use 'with forced' path for the system user creation
{quote}
I'm not sure about the implications, and maybe we need to enforce that 'with
forced path' option to avoid problems? I think we need to clarify that, will
leave this issue out of the release I'm doing now.
> Revert SLING-9449: set principal ACL should throw an Exception it it fails
> --------------------------------------------------------------------------
>
> Key: SLING-10281
> URL: https://issues.apache.org/jira/browse/SLING-10281
> Project: Sling
> Issue Type: Bug
> Components: Repoinit
> Affects Versions: Repoinit JCR 1.1.34
> Reporter: Konrad Windszus
> Assignee: Konrad Windszus
> Priority: Major
> Fix For: Repoinit JCR 1.1.38
>
> Time Spent: 7h
> Remaining Estimate: 0h
>
> As highlighted in the last comment of SLING-9449, repoinit should use
> exceptions when some statements cannot be applied (as that leads to an
> undesired repository state). In the worst case it could lead to privilege
> escalation
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
