[jira] [Commented] (OAK-10334) Node.addMixin() may overwrite existing mixins

Thu, 28 Sep 2023 08:59:05 -0700 


    [ 
https://issues.apache.org/jira/browse/OAK-10334?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17770145#comment-17770145
 ] 

Julian Reschke commented on OAK-10334:
--------------------------------------

trunk: 
[e91361faa5|https://github.com/apache/jackrabbit-oak/commit/e91361faa59349b0fb389c159399cc27071c0f58]
 (1.56.0) 
[46109d1d84|https://github.com/apache/jackrabbit-oak/commit/46109d1d8434aabb25f18d5c25afc0cb9414fe4f]
 
[028e8d3618|https://github.com/apache/jackrabbit-oak/commit/028e8d3618895e40031d3fe2958378a80859f5f9]
 
[cf521f072e|https://github.com/apache/jackrabbit-oak/commit/cf521f072e0006b4dc5145e6997cef868c644d45]
 (1.54.0) 
[0b8223f113|https://github.com/apache/jackrabbit-oak/commit/0b8223f11383e465dbc77bea04337e0c08f28079]
 
[2c83efbefc|https://github.com/apache/jackrabbit-oak/commit/2c83efbefc0e7dd832e598606e0f002a241f3fc4]


> Node.addMixin() may overwrite existing mixins
> ---------------------------------------------
>
>                 Key: OAK-10334
>                 URL: https://issues.apache.org/jira/browse/OAK-10334
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: jcr
>            Reporter: Marcel Reutegger
>            Assignee: Marcel Reutegger
>            Priority: Major
>             Fix For: 1.58.0
>
>
> A Session lacking permission to read property jcr:mixinTypes, but permission 
> to write will overwrite existing mixins when calling Node.addMixin().
> The implementation does not check if the session has permission to read 
> jcr:mixinTypes and assumes there are no existing values when the session does 
> not have permission. The result is a jcr:mixinTypes property with only a 
> single value passed to addMixin().



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to