You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Konrad Windszus (Jira)" <ji...@apache.org> on 2023/01/09 13:58:00 UTC

[jira] [Commented] (SLING-10281) Revert SLING-9449: set principal ACL should throw an Exception it it fails

    [ https://issues.apache.org/jira/browse/SLING-10281?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17656112#comment-17656112 ] 

Konrad Windszus commented on SLING-10281:
-----------------------------------------

As in https://lists.apache.org/thread/7mvc2jvxltvrrntklzm1gzfmf0jy3mhc we reached consensus that we should not change implementation in a potentially backwards incompatible ways, I proposed in https://github.com/apache/sling-org-apache-sling-repoinit-parser/pull/28 a new statement {{ensure principal ACL}} which has the stricter semantics.

> Revert SLING-9449: set principal ACL should throw an Exception it it fails
> --------------------------------------------------------------------------
>
>                 Key: SLING-10281
>                 URL: https://issues.apache.org/jira/browse/SLING-10281
>             Project: Sling
>          Issue Type: Bug
>          Components: Repoinit
>    Affects Versions: Repoinit JCR 1.1.34
>            Reporter: Konrad Windszus
>            Assignee: Konrad Windszus
>            Priority: Major
>             Fix For: Repoinit JCR 1.1.44
>
>          Time Spent: 8h 20m
>  Remaining Estimate: 0h
>
> As highlighted in the last comment of SLING-9449, repoinit should use exceptions when some statements cannot be applied (as that leads to an undesired repository state). In the worst case it could lead to privilege escalation



--
This message was sent by Atlassian Jira
(v8.20.10#820010)