Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Security Issue: Saved sessions for banned users

We've recently discovered that while a banned user is not allowed to login, (s)he can still visit the direct link to his/her profile and post there, which of course shows up in the activity feed. I'm guess this is because their session is still open. Is this a known issue? Thanks.
Tagged:

Comments

Sign In or Register to comment.