Details
-
Bug
-
Resolution: Fixed
-
Medium
-
None
-
Severity 3 - Minor
-
1
-
Description
Some customers require a high level of security/privacy for their users. At this time, an anonymous or non-logged in user can visitviewAdministrators.action and review contact details.
While there is the current ability to hide the associated user information such as IM groups and email, this will still leave a list of user names.
An improvement for Bamboo will to be to allow the hiding of all information on this page, or, enable this page to be disabled completely or redirected.
Workaround
- Edit <bamboo install dir>/atlassian-bamboo/WEB-INF/classes/struts.xml
- Look for action name="viewAdministrators"
- Comment out the whole block:
<!-- <action name="viewAdministrators" class="com.atlassian.bamboo.ww2.actions.admin.user.ViewAdministrators"> <result name="success" type="freemarker">/admin/user/viewAdministrators.ftl</result> </action> -->
- Restart Bamboo
Visiting viewAdministrators.action will result in a Page Not Found error.
Attachments
Issue Links
- is related to
-
BAM-16461 Configuration option to lock down "Contact Administrators" on the Bamboo pages footer.
- Closed
-
BAM-20600 As an administrator I want to be able to disable the list of administrators
- Gathering Interest
-
BDEV-13028 Loading...