Script right is not allowed by default anymore

Last modified by Thomas Mortagne on 2022/11/28

The XWiki default right scheme has been edited to not allow by default the Script right to all users anymore. We decided to perform this change as the Script right gives a lot of powers to users and we found many possible security vulnerabilities related to using this right. This change will not impact existing instance of XWiki that would perform an upgrade: it only concerns new instances. However we strongly suggest administrators to review the rights they give to users to not give Script right by default to all users, and to give it only to a subset of trusted users.

Created by Simon Urli on 2022/11/22

Get Connected