Olivier Berger reported an information leak in twiki for plugins when using the default WorkAreaDir which might be accessible from the web. See URL for details.
web-apps, please advise.
No action required from our side. The install instructions state:
    2. Take a look at twiki_httpd_conf.txt and modify your Apache configs as needed.
twiki_httpd_conf.txt contains:
    <Directory "/var/www/localhost/htdocs/twiki/pub">
        Options None
        AllowOverride Limit
        ...
Which will lead to .htaccess having effect in that directory. So our default configuration is fine.
Sounds reasonable.
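A way to verify the point made in this thread, that `AllowOverride Limit` on the pub directory lets a `.htaccess` file there restrict access. This is an added example, not code from the thread, TWiki or the package. The sample configs are constructed, the merge logic is simplified (no `DirectoryMatch`, `Include` or wildcards), and a missing `AllowOverride` is treated conservatively as "not honoured".

```python
import re

# Constructed sample; the second block mirrors the fragment quoted in the thread.
SAMPLE_OK = '''
<Directory "/var/www/localhost/htdocs">
    AllowOverride None
</Directory>
<Directory "/var/www/localhost/htdocs/twiki/pub">
    Options None
    AllowOverride Limit
</Directory>
'''
# Constructed counter-example: .htaccess in pub would be ignored here.
SAMPLE_WEAK = SAMPLE_OK.replace("AllowOverride Limit", "AllowOverride None")

# "<Directory" must be followed by whitespace, so <DirectoryMatch> is skipped.
BLOCK = re.compile(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>', re.S | re.I)
OVERRIDE = re.compile(r'^\s*AllowOverride\s+(.+)$', re.M | re.I)


def effective_override(conf, path):
    """Return the AllowOverride tokens that apply to `path`.

    Simplified merge: the longest enclosing <Directory> block that sets
    AllowOverride wins. Returns an empty set if none sets it.
    """
    best = None
    for m in BLOCK.finditer(conf):
        d = m.group(1).rstrip("/")
        if path == d or path.startswith(d + "/"):
            o = OVERRIDE.search(m.group(2))
            if o and (best is None or len(d) > len(best[0])):
                best = (d, {t.lower() for t in o.group(1).split()})
    return best[1] if best else set()


def htaccess_can_restrict(conf, path):
    """True if Order/Allow/Deny in a .htaccess under `path` are honoured
    (they need the Limit override class, or All)."""
    return bool(effective_override(conf, path) & {"limit", "all"})


if __name__ == "__main__":
    # Hypothetical subdirectory of pub, used only for illustration.
    target = "/var/www/localhost/htdocs/twiki/pub/example_dir"
    for name, conf in (("ok", SAMPLE_OK), ("weak", SAMPLE_WEAK)):
        print(name, htaccess_can_restrict(conf, target))
```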