Project

General

Profile

Actions

Bug #21945

closed

During upgrade session and cache should be deleted

Added by Lukas Zapletal over 6 years ago. Updated about 1 month ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
Upgrades
Target version:
-
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

During upgrade, we should consider deleting cache and session store. We haven't seen issues so far, but theoretically we could remove some permissions and these are being cached. After upgrade, user session are still valid including cache, this could possibly lead to security incident.

Actions #1

Updated by Marek Hulán over 6 years ago

I think that makes sense, although the risk is quite small. The cache would result in seeing menus that won't be accessible, permission check should catch this. If the migration has impact on roles, again, it should have immediate impact. But I can see the issue if the upgrade changes sessions themselves. The inconvenience of logging again after upgrade is small, so +1 from me.

Actions #2

Updated by Eric Helms about 1 month ago

  • Status changed from New to Rejected
Actions

Also available in: Atom PDF