> > AFAIK, this issue doesn't affect T5.0.18, as it happens only with versioned assets, something that was introduced in T5.1.
Apparently it does, since Christian also provided example-links. I just checked and I can also publicly access resources like the web.xml and hibernate.cfg.xml on a webapp that is already in production using Tapestry 5.0.18.

This is a *VERY* high priority security-issue with Tapestry IMO.

regards,
Onno