Gemini Community Support Site

This Gemini community support site can be used to find solutions to product issues. You can log in using Open Id, Google Profile and even Facebook. Feel free to ask a question or browse FAQs and documentation. Product tour videos are also available along with how-to videos demonstrating key Gemini capabilities.




Comment visibility - security issue

web-app

Hi!

It seems that comment visibility is not handled very well by Gemini. In my setup, I have a user group for internal users and one for customers. I can mark comments to be viewable only by users of the internal users group, no problem. But there are two problems, one of which is annoying, the other one utterly unacceptable:

  1. Users who shouldn't be allowed to see certain comments still see the complete NUMBER of comments (e.g. below the issue description they see "Comments (6)" but only two comments are visible for them).

  2. Regardless of whether users should be allowed to view comments or not, if they click on "Print Friendly", the can see ALL comments on the resulting page, completely bypassing all permission settings! This, of course, is a major security issue, one I'm glad I found before actually implementing Gemini!

Please fix this bug ASAP, as other Gemini customers might have this problem as well without ever noticing.

Thanks,

Regards,

Martin Segur.

duncan
· 1
duncan
Replies (3)
helpful
0
not helpful

Which version of Gemini are you running?

This should be fixed in the latest release, 3.5.4.


Saar Cohen
· 5000
Saar Cohen
helpful
0
not helpful

I'm on 3.5.3. Thanks for the quick reply, I'll update and check this right away.


duncan
· 1
duncan
helpful
0
not helpful

Thanks, it works with 3.5.4. That's the way I like it: a bug is resolved before I even report it ;)


duncan
· 1
duncan