[ https://issues.apache.org/jira/browse/OAK-10334?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17842998#comment-17842998 ]
Julian Reschke commented on OAK-10334: -------------------------------------- Backport to 1.22 would be tricky, because https://issues.apache.org/jira/browse/OAK-9868 modified the exported API earlier on. > Node.addMixin() may overwrite existing mixins > --------------------------------------------- > > Key: OAK-10334 > URL: https://issues.apache.org/jira/browse/OAK-10334 > Project: Jackrabbit Oak > Issue Type: Bug > Components: jcr > Reporter: Marcel Reutegger > Assignee: Marcel Reutegger > Priority: Major > Labels: candidate_oak_1_22 > Fix For: 1.58.0 > > > A Session lacking permission to read property jcr:mixinTypes, but permission > to write will overwrite existing mixins when calling Node.addMixin(). > The implementation does not check if the session has permission to read > jcr:mixinTypes and assumes there are no existing values when the session does > not have permission. The result is a jcr:mixinTypes property with only a > single value passed to addMixin(). -- This message was sent by Atlassian Jira (v8.20.10#820010)