[
https://issues.apache.org/jira/browse/OAK-920?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13889466#comment-13889466
]
angela commented on OAK-920:
----------------------------
the problem seems to be pretty fundamental to the way Oak core is doing the
copy operation, which basically just looks at the accessibility of the
copy-target and doesn't assert the accessibility of the items in the subtree.
since this is IMO a bigger security issue, i changed the severity to 'critical'.
> Proper permission handling upon Workspace#copy
> ----------------------------------------------
>
> Key: OAK-920
> URL: https://issues.apache.org/jira/browse/OAK-920
> Project: Jackrabbit Oak
> Issue Type: Sub-task
> Components: core, jcr
> Reporter: angela
> Assignee: Marcel Reutegger
> Priority: Critical
> Fix For: 0.17
>
>
> afaik in jackrabbit-core only accessible items were copied over to the
> target location and it seems to me that this restriction is missing in OAK.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
