Security Violation with Timeline Module and Groups
The following security violation exists within the Timeline Module relating to the Public Feed.
Any post that is made to a closed or secret group with the visibility of the post set to the closed or secret group appears in the timeline.
The problem however is that a portion of the content of the post is also visible.
Perhaps only the header should be displayed in the Public Feed of a closed group. If secret no item should appear.
None of the content of the post should be visible outside of Members of the Group Members.
Not even the content snippet. hitting more reveals even more of the private content.
-
-
·
Alex T⚜️
- ·
This problem should be already fixed. Please check if you are using the latest version of UNA and the modules.
-
·
Alex T⚜️
-
UNA: Version: 9.0.0-RC9
Timeline: Version 9.0.10
Groups: Version 9.0.9
Did I miss something?
-
-
·
Alex T⚜️
- ·
Versions looks good.
I can't reproduce this bug on 9.0.0-RC9 version nor current dev version.
I would suggest for the next version 9.0.0-RC10 and if the problem persists then please report again.
-
·
Alex T⚜️
-
Do you have an approximate release date for version 9.0.0-RC10.
-
-
·
Alex T⚜️
- ·
Very hopefully - next week.
-
·
Alex T⚜️