Uploaded image for project: 'Magnolia'
  1. Magnolia
  2. MAGNOLIA-2021

activation: security hole if you activate a new item

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Blocker
    • 3.5.4
    • 3.5.3
    • activation
    • None

    Description

      The url /ActivationHandler is not protected and if you activate a new item the security checks are bypassed (import)

      As from 3.5.4, the default activation URL is .magnolia/activation - The old url is supported through a VirtualURI

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            Activity

              People

                pbaerfuss Philipp Bärfuss
                pbaerfuss Philipp Bärfuss
                Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Checklists

                    Bug DoR
                    Task DoD