Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Help from Jazzman
i've wrote in this discussion : http://lussumo.com/community/discussion/4495/attachments-20-security-bug/#Item_6
but as i'm not getting any answer...here i am...
I have to use Attachment 1.4 as i must have it folder based, but the problem i have is the security issue of anyone being able to access the attachment even if they are not logged to the discussion.
ideally the URL of the attached file should not allow one that doesn't have the proper role to access the file...
any possible help on this ?
i know Jazzman is now dedicated to v2 but a 1.42 to fix this security issue would be amazing :)
thanks in advance
0
This discussion has been closed.