Search shows issues from projects not enabled for user
Hi,
if I just click the search button at the top without entering any search term, I'm used to getting all issues, nice and convenient. However, it seem a user that has access only to a couple of projects sees issues from all other projects as well when doing this empty search. When he user clicks on such a non-allowed issue, he is redirected to his home screen, so he can't actually see the issue. But this still is a big security concern for us.
I'm on Gemini 3.6.2. b2583
duncan
· 1 |
|
Tuesday, February 2, 2010, 6:44:09 PM |
0
|
We are investigating and will report back as soon as we manage to replicate it. |
||||
|
0
|
Is it possible to send a zipped backup of your database to support at countersoft dot com? Just tried to replicate it and it works for me. Will keep trying to recreate! |
||||
|
0
|
No problem, I'll send the DB over. I'm using GMBP (mailboxprocessing.com), and it seems this only happens when a user sends an email, GMBP receives it and adds the issue with the user as issue reporter. So the user can find the issue in a search probably because technically he created the issue, but cannot view it because he has no access to the project. |
||||
|
0
|
Thank you, we have identified an issue and have fixed it, please upgrade to 3.6.3: http://www.countersoft.com/downloads.aspx |
||||
|
0
|
We are on 3.6.1 Where can I find the downlioads to upgrade to 3.6.5 ? regards Heiko |
||||
|
0
|
|
||||
|
0
|
I owe you one (next time you are in Hamburg). |
||||
|
0
|
Hamburg here I come... ;) |
||||
|