Details
-
Bug
-
Resolution: Fixed
-
Medium
-
2.1, 2.2
-
None
Description
The CAPTCHA provider stores data in a temporary file in java.io.tmpdir. When you run multiple copies of Confluence with CAPTCHA enabled on the same server, they all use the same temp file. Hilarity ensues.
Also, there are security issues with creating predictable files in /tmp.
We should fix the CAPTCHA provider to store its temp files in confluence.home/temp