Impact
The content of pages made non-viewable to a user via permissions, within a visible parent, could be seen via the plaintext export option. Before v0.30.6 this would have applied only to scenarios where all pages within the chapter were made non-visible. In v0.30.6 this would make all pages within the chapter visible.
Patches
This has been patched in v0.30.7.
Workarounds
Please update. As a temporary workaround you could make parent chapters/books non accessible.
References
Attribution
A big thanks again to @cdrfun for discovering and reporting this issue.
For more information
If you have any questions or comments about this advisory:
Impact
The content of pages made non-viewable to a user via permissions, within a visible parent, could be seen via the plaintext export option. Before v0.30.6 this would have applied only to scenarios where all pages within the chapter were made non-visible. In v0.30.6 this would make all pages within the chapter visible.
Patches
This has been patched in v0.30.7.
Workarounds
Please update. As a temporary workaround you could make parent chapters/books non accessible.
References
Attribution
A big thanks again to @cdrfun for discovering and reporting this issue.
For more information
If you have any questions or comments about this advisory: