Details
-
Bug
-
Resolution: Unresolved
-
Medium
-
5.2.10, 5.2.11, 6.0.5, 6.3.15, 6.4.2, 7.0.2, 7.0.5, 7.3.0, 7.0.0, 8.7.1
-
5.02
-
25
-
Severity 2 - Major
-
3
-
Description
Summary
When using a group comment visibility on worklogs the restriction is not applied in the Activity Stream.
Steps to Reproduce
- Set up a test user (JIRA Users).
- Enable comment visibility to support groups as per Configuring JIRA Options.
- With an admin user, log work on an issue and set the visibility to a group.
- Access an activity stream with the test user (JIRA Users).
Expected Results
The Activity Stream does not expose information about the log work event to the user.
Actual Results
The Activity Streams leaks the worklog comment, despite being marked as restricted to a specific group.
Workaround
Disable group comment visibility, or ensure users only restrict worklogs to project roles.
Attachments
Issue Links
- is duplicated by
-
JRASERVER-37341 Activity stream can show more data than expected
- Closed
-
JRASERVER-45477 Activity Stream displaying log work when the visibility is restricted
- Closed
- was cloned as
-
JRACLOUD-65036 Restricted Work Log entries show in the Activity Stream for JIRA Cloud
- Closed
-
RAID-481 Loading...
- causes
-
STRM-2130 Loading...
- is cloned from
-
STRM-2183 Loading...