Details
-
Bug
-
Resolution: Fixed
-
Medium
-
3.12, 3.12.1, 3.12.2
-
3.12
-
Description
Every Jira attachment can be downloaded using infinite number of different urls which satisfy the following pattern - /secure/attachment/\d+/.*
For example, If the attached resource is "/secure/attachment/1234/index.html" then the same resource can be be downloaded using "/secure/attachment/1234/anypath".
In our case this behavior causes a problem if external search engine crawls the Jira site.
If the attachment is indexed resource ( for example html file ) with relative links inside then it leads to infinite loop in the indexing of the site's content.