The search tool for project-wide search or generic tool searching (not specialized search handlers like ticket search) doesn't do permission checks and may expose some snippets of information.
QA:
Test various scenarios such as private artifact (like ticket), comments on private artifacts, private tools. Project wide search like /p/test/search is best place to test, but also spot-check generic search on any non-ticket tool like /p/test/wiki/search
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Fixed on db/8335
QA:
Test various scenarios such as private artifact (like ticket), comments on private artifacts, private tools. Project wide search like /p/test/search is best place to test, but also spot-check generic search on any non-ticket tool like /p/test/wiki/search