We're updating the issue view to help you get more done. 

MCRStaticXMLFileServlet does not check read permissions

Description

If a static web page is requested and the site has read restrictions for the current user it must response with HttpServletResponse.SC_FORBIDDEN.

Environment

None

Status

Assignee

Thomas Scheffler

Reporter

Thomas Scheffler

Labels

None

External issue ID

None

External issue ID

None

External issue ID

None

URL

None

External issue ID

None

External issue ID

None

Components

Fix versions

Affects versions

2014.06.0
2015.02
2014.12

Priority

Medium