The search tool for project-wide search or generic tool searching (not specialized search handlers like ticket search) doesn't do permission checks and may expose some snippets of information.
Fixed on db/8335
Test various scenarios such as private artifact (like ticket), comments on private artifacts, private tools. Project wide search like /p/test/search is best place to test, but also spot-check generic search on any non-ticket tool like /p/test/wiki/search
Log in to post a comment.