Disallow access to unpublished version's package pages.


(Stanislav Zadiraev) #1

Unpublished version’s package pages are not available on Version History list on a latest version’s package page.

But these are still available directly through their URIs.

These can contain accidentally published private data.

And these can be found by brute force.


(Lars Willighagen) #2

See also: