Security Violation with Timeline Module and Groups

The following security violation exists within the Timeline Module relating to the Public Feed.

Any post that is made to a closed or secret group with the visibility of the post set to the closed or secret group appears in the timeline. 

The problem however is that a portion of the content of the post is also visible. 

Perhaps only the header should be displayed in the Public Feed of a closed group. If secret no item should appear.

None of the content of the post should be visible outside of Members of the Group Members. 

Not even the content snippet. hitting more reveals even more of the private content.

  • 278
  • More
Replies (5)
    Login or Join to comment.