-
Task
-
Resolution: Fixed
-
Critical
-
3.0 RC2
-
None
-
-
Empty show more show less
-
Empty show more show less
Its a breach of security if we set System context if nothing is set, A simple example would be if you call a JSP from within your template you will have full access without even realizing.
If its a problem that workflow engine cannot set proper permissions, we can set SystemContext there instead of leaving this security hole.
Acceptance criteria