Disallow access to unpublished version's package pages.

(Stanislav Zadiraev) #1

Unpublished version’s package pages are not available on Version History list on a latest version’s package page.

But these are still available directly through their URIs.

These can contain accidentally published private data.

And these can be found by brute force.

(Lars Willighagen) #2

See also: