Thomas Mueller created JCR-3858: ----------------------------------- Summary: NodeIterator.getSize(): compatibility with Jackrabbit 2.5 Key: JCR-3858 URL: https://issues.apache.org/jira/browse/JCR-3858 Project: Jackrabbit Content Repository Issue Type: New Feature Affects Versions: 2.7, 2.6.2 Reporter: Thomas Mueller Assignee: Thomas Mueller
In Jackrabbit 2.5 and older, the query result set (NodeIterator.getSize()) was an estimation that sometimes included nodes that are not visible for the current user. This is a possible security problem. The behavior was changed (and the security problem fixed) in JCR-3402. However, this is an incompatibility with Jackrabbit 2.5. I suggest to make this configurable in workspace.xml / repository.xml (or a system property, if that turns out to be too complicated). The default is the current (secure) behavior, with the option to use the old variant. -- This message was sent by Atlassian JIRA (v6.3.4#6332)