Issue Details (XML | Word | Printable)

Key: JRA-11911
Type: Bug Bug
Status: Resolved Resolved
Resolution: Fixed
Priority: Critical Critical
Assignee: Tim Pettersen [Atlassian]
Reporter: Gerald Jimenez
Votes: 1
Watchers: 1
Operations

If you were logged in you would be able to see more operations.
JIRA

Able to add attachements altough session is time out

Created: 10/Jan/07 06:34 PM   Updated: 11/Jan/07 10:18 PM
Component/s: Attachments
Affects Version/s: 3.7.1
Fix Version/s: 3.7.2

Time Tracking:
Not Specified

Environment: Linux 2.6.9-11.ELsmp

Participants: Gerald Jimenez and Tim Pettersen [Atlassian]
Since last comment: 1 year, 39 weeks, 1 day ago
Resolution Date: 11/Jan/07 10:18 PM
Labels:


 Description  « Hide
Security has been set to only allow up load of attachments to authenticated JIRA users. When a user session is timed out they are still able to upload attachments. If you provide a URL to upload attachment and your not logged in you are still able to add attachments.

 All   Comments   Work Log   Change History      Sort Order: Ascending order - Click to sort in descending order
[ Permlink | « Hide ]
Tim Pettersen [Atlassian] added a comment - 11/Jan/07 10:18 PM
Fixed for 3.7.2 (which should be released shortly) - users can no longer add attachments to issues anonymously (unless annonymous attachment creation has been enabled in the active permission scheme). i.e. if a user's session times out or they're otherwise not logged in, they can't create attachments.


Powered by Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13-#330) - Bug/feature request - Atlassian news - Contact Administrators