Restricted Work Log entries show in the Activity Stream in JIRA Server

Summary

When using a group comment visibility on worklogs the restriction is not applied in the Activity Stream.

Steps to Reproduce

1. Set up a test user (JIRA Users).
2. Enable comment visibility to support groups as per Configuring JIRA Options.
3. With an admin user, log work on an issue and set the visibility to a group.
4. Access an activity stream with the test user (JIRA Users).

Expected Results

The Activity Stream does not expose information about the log work event to the user.

Actual Results

The Activity Streams leaks the worklog comment, despite being marked as restricted to a specific group.

Workaround

Disable group comment visibility, or ensure users only restrict worklogs to project roles.