### Eclipse Workspace Patch 1.0
#P magnolia-module-dms
Index: src/main/java/info/magnolia/module/dms/DMSDownloadServlet.java
===================================================================
--- src/main/java/info/magnolia/module/dms/DMSDownloadServlet.java	(revision 47615)
+++ src/main/java/info/magnolia/module/dms/DMSDownloadServlet.java	(working copy)
@@ -70,10 +70,12 @@
 
     private static final Logger log = LoggerFactory.getLogger(DMSDownloadServlet.class);
 
+    @Override
     protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
         doGet(request, response);
     }
 
+    @Override
     protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
         try {
             process(request, response);
@@ -161,6 +163,11 @@
                     response.sendError(HttpServletResponse.SC_NOT_FOUND);
                     return;
                 }
+                // enforce extension match
+                if (!StringUtils.equals(MgnlContext.getAggregationState().getExtension(), doc.getFileExtension())) {
+                    response.sendError(HttpServletResponse.SC_NOT_FOUND);
+                    return;
+                }
             }
         }
         else if (path.startsWith("/dms-static/")) {