[ https://issues.apache.org/jira/browse/SLING-9768?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Radu Cotescu resolved SLING-9768. --------------------------------- Fix Version/s: Scripting HTL Testing Content 1.0.22-1.4.0 Scripting HTL Testing 1.0.24-1.4.0 Resolution: Fixed Implemented changes in: * [commit 714cc2d|https://github.com/apache/sling-org-apache-sling-scripting-core/commit/714cc2d] * [commit f34a9b3|https://github.com/apache/sling-org-apache-sling-scripting-sightly/commit/f34a9b3] * [commit 33c3f8f|https://github.com/apache/sling-org-apache-sling-scripting-sightly-testing-content/commit/33c3f8f] * [commit 804f280|https://github.com/apache/sling-org-apache-sling-scripting-sightly-testing/commit/804f280] > The org.apache.sling.api.scripting.SlingScript#getScriptResource > implementations should not leak the scripting resolver > ----------------------------------------------------------------------------------------------------------------------- > > Key: SLING-9768 > URL: https://issues.apache.org/jira/browse/SLING-9768 > Project: Sling > Issue Type: Bug > Components: Scripting > Affects Versions: Scripting Core 2.3.0, Scripting HTL Engine 1.4.2-1.4.0 > Reporter: Radu Cotescu > Assignee: Radu Cotescu > Priority: Major > Fix For: Scripting Core 2.3.4, Scripting HTL Engine 1.4.4-1.4.0, > Scripting HTL Testing 1.0.24-1.4.0, Scripting HTL Testing Content 1.0.22-1.4.0 > > > Since the {{SlingScript}} is usually made available via the {{bindings}} to > the current executing script, the resolver that can be accessed via > {{org.apache.sling.api.scripting.SlingScript#getScriptResource}} should not > give elevated access to the caller. This means that either the caller is > responsible for the mapped resolver (by getting a mapped resolver to the > bundle the caller comes from via script precompilation), or the resolver > should be the request resolver. -- This message was sent by Atlassian Jira (v8.3.4#803005)