Restricted Work Log entries show in the Activity Stream for JIRA Cloud

XMLWordPrintable

    • 1
    • Severity 2 - Major

      Summary

      When using a group comment visibility on worklogs the restriction is not applied in the Activity Stream.

      Steps to Reproduce

      1. Set up a test user (JIRA Users).
      2. Enable comment visibility to support groups as per Configuring JIRA Options.
      3. With an admin user, log work on an issue and set the visibility to a group.
      4. Access an activity stream with the test user (JIRA Users).

      Expected Results

      The Activity Stream does not expose information about the log work event to the user.

      Actual Results

      The Activity Streams leaks the worklog comment, despite being marked as restricted to a specific group.

      Workaround

      Disable group comment visibility, or ensure users only restrict worklogs to project roles.

            Assignee:
            David Tang (Inactive)
            Reporter:
            MikeyS
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: