[buddypress-trac] [BuddyPress Trac] #6504: Messages viewable to any logged out visitor
buddypress-trac
noreply at wordpress.org
Mon Jun 15 09:16:36 UTC 2015
#6504: Messages viewable to any logged out visitor
-----------------------------------+------------------------------
Reporter: CodeMonkeyBanana | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Component - Messaging | Version:
Severity: major | Resolution:
Keywords: has-patch |
-----------------------------------+------------------------------
Comment (by hnla):
>PS. I chose "I am not reporting a security issue" because this isn't a
security issue with wordpress, it is buddypress specific. Was that wrong?
While this might not be a security issue it is a privacy issue and many
sites and communities take this quite seriously, wanting sites and
communities that are private for members only and this sort of issue
knocks their confidence. It probably shouldn't have been raised in this
public manner but addressed directly to one of the lead developers, JJJ
initially, and slack provides an easy DM approach to alerting to a
potential problem, with obviously security at wordpress in addition or as
fallback.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6504#comment:10>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list