[
https://issues.apache.org/jira/browse/SLING-10281?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17656112#comment-17656112
]
Konrad Windszus commented on SLING-10281:
-----------------------------------------
As in https://lists.apache.org/thread/7mvc2jvxltvrrntklzm1gzfmf0jy3mhc we
reached consensus that we should not change implementation in a potentially
backwards incompatible ways, I proposed in
https://github.com/apache/sling-org-apache-sling-repoinit-parser/pull/28 a new
statement {{ensure principal ACL}} which has the stricter semantics.
> Revert SLING-9449: set principal ACL should throw an Exception it it fails
> --------------------------------------------------------------------------
>
> Key: SLING-10281
> URL: https://issues.apache.org/jira/browse/SLING-10281
> Project: Sling
> Issue Type: Bug
> Components: Repoinit
> Affects Versions: Repoinit JCR 1.1.34
> Reporter: Konrad Windszus
> Assignee: Konrad Windszus
> Priority: Major
> Fix For: Repoinit JCR 1.1.44
>
> Time Spent: 8h 20m
> Remaining Estimate: 0h
>
> As highlighted in the last comment of SLING-9449, repoinit should use
> exceptions when some statements cannot be applied (as that leads to an
> undesired repository state). In the worst case it could lead to privilege
> escalation
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
