Details
-
Bug
-
Resolution: Fixed
-
Medium
-
1
-
Severity 2 - Major
-
Description
Summary
When using a group comment visibility on worklogs the restriction is not applied in the Activity Stream.
Steps to Reproduce
- Set up a test user (JIRA Users).
- Enable comment visibility to support groups as per Configuring JIRA Options.
- With an admin user, log work on an issue and set the visibility to a group.
- Access an activity stream with the test user (JIRA Users).
Expected Results
The Activity Stream does not expose information about the log work event to the user.
Actual Results
The Activity Streams leaks the worklog comment, despite being marked as restricted to a specific group.
Workaround
Disable group comment visibility, or ensure users only restrict worklogs to project roles.
Attachments
Issue Links
- is cloned from
-
JRASERVER-34022 Restricted Work Log entries show in the Activity Stream in JIRA Server
- Gathering Impact