Users can see "most recent" activity from categories they don't have access to
After upgrading Vanilla to v3.3 (from 2.3), users can see "Most recent" activity from categories they don't have access to: specifically the post title/author/timestamp. This appears in the parent category's "Most recent" post area.
I posted a bug report but haven't heard back yet so thought I'd mention it here in case any other users have run into the issue.
Steps to reproduce the behavior:
- Create a sub-category with custom permissions so only members of a certain role can see it.
- While logged in as a member who is not of that role, look at the
/categoriespage, at the parent category's "most recent" post area.