Amoratinos commented on PR #2300: URL: https://github.com/apache/jackrabbit-oak/pull/2300#issuecomment-2901362175
To my understanding it shouldn't be any risk as it's only revealing the path. Initially more information was exposed like the actions or the permissions requested but that was removed. In my opinion, the method we should pay the most attention to is the one that receives the tree, the property state, and the actions, since this is the one used in multiple places. This checkPermissions is used on `NodeImpl.addNode removeMixin addMixin` methods and in `ImporterImpl.createTree`. The only scenario where I could foresee a risk is when the path of a node is used like an ID, e.g. node path represents a token or sth like, and I think that's an edge case. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: oak-dev-unsubscr...@jackrabbit.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
