Tellier Benoit created MAILBOX-219:
--------------------------------------

Summary: A user with any right on a mailbox gets full rights on the given mailbox.
Key: MAILBOX-219
URL: https://issues.apache.org/jira/browse/MAILBOX-219
Project: James Mailbox
Issue Type: Bug
Components: api
Affects Versions: 0.5
Environment: James uses binary operation code in order to store user's ACL on a single int. This was buggy, as an OR was used to see if the user has a given right. An AND should have been used. So, as a consequence, setting any right to a user gives him full rights on the given mailbox, which is a major security issue. All mailbox implementations are affected.
Reporter: Tellier Benoit

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
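
The OR-versus-AND mistake described in the report, as an added example that is not code from Apache James: the class, method and right names and the bit values are hypothetical, and the exact form of the faulty expression is an assumption, since the report only says that an OR was used where an AND was needed.

```java
// Added illustration, not Apache James code. All names and bit values are hypothetical.
public class AclBitmaskDemo {
    // One bit per right, all rights packed into a single int.
    static final int LOOKUP     = 1;
    static final int READ       = 1 << 1;
    static final int WRITE      = 1 << 2;
    static final int DELETE     = 1 << 3;
    static final int ADMINISTER = 1 << 4;

    static final String[] NAMES = {"LOOKUP", "READ", "WRITE", "DELETE", "ADMINISTER"};
    static final int[] RIGHTS   = {LOOKUP, READ, WRITE, DELETE, ADMINISTER};

    // Assumed form of the faulty test: OR-ing the stored rights with a non-zero
    // mask can never yield zero, so the check passes for every right.
    static boolean hasRightBuggy(int granted, int right) {
        return (granted | right) != 0;
    }

    // Corrected test: AND keeps only the requested bits. Comparing with the mask
    // (rather than with zero) requires ALL requested bits when several are asked for.
    static boolean hasRightFixed(int granted, int right) {
        return (granted & right) == right;
    }

    public static void main(String[] args) {
        int granted = LOOKUP; // the user was given exactly one right

        for (int i = 0; i < RIGHTS.length; i++) {
            System.out.printf("%-10s buggy=%-5b fixed=%b%n", NAMES[i],
                    hasRightBuggy(granted, RIGHTS[i]),
                    hasRightFixed(granted, RIGHTS[i]));
        }

        // Regression check: granting one right must not imply any other right,
        // and a multi-bit request must fail unless every bit is granted.
        for (int g : RIGHTS) {
            for (int r : RIGHTS) {
                if (hasRightFixed(g, r) != (g == r)) {
                    throw new AssertionError("single-right grant leaked: " + g + " -> " + r);
                }
            }
        }
        if (hasRightFixed(LOOKUP | READ, READ | WRITE)) {
            throw new AssertionError("partial grant accepted for multi-bit request");
        }
        System.out.println("fixed check: single-right grants stay isolated");
    }
}
```

The nested loop is the kind of exhaustive test that catches this class of bug: with only a handful of rights, every grant/request pair can be checked in a unit test.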