APAR status
Closed as program error.
Error description
In some cases links to content that a user does not have access to may be rendered in a menu. This is when WCM.PATH.TRAVERSAL.SECURITY is true. Traces will show the following for the menu rendering these links: MenuQueryCach 3 Have hit maxItemsToCache threshold ::nnn:: where nnn is the value of the setting ᅠmenu.cache.max.items default is 300.
Local fix
Modify ᅠthe ᅠmenu ᅠdesign ᅠor ᅠthe ᅠmaximum ᅠitems ᅠthe ᅠcache. For example ᅠin ᅠthe ᅠmenu ᅠdesign ᅠchange ᅠthe ᅠread ᅠahead ᅠto d ᅠof 10 ᅠor ᅠreduce ᅠthe ᅠitems ᅠper ᅠpage ᅠto ᅠlower value, or ᅠin ᅠthe ᅠWCMConfigService.properties ᅠfile ᅠ(requires ᅠresta ange ᅠthis ᅠsetting: ᅠ ᅠ ᅠ ᅠ ᅠ ᅠ ᅠmenu.cache.max.items ᅠ= ᅠ300 ᅠ ᅠ ᅠ ᅠto ᅠa ᅠhigher value.
Problem summary
In some cases links to content that a user does not have access to may be rendered in a menu. This is when WCM.PATH.TRAVERSAL.SECURITY is true. Traces will show the following for the menu rendering these links: MenuQueryCach 3 Have hit maxItemsToCache threshold ::nnn:: where nnn is the value of the setting  menu.cache.max.items default is 300.
Problem conclusion
i-fix Name: PM75177 Problem Summary: Menus  may  return  items  that  a  user  does  not  have  acces with  WCM.PATH.TRAVERSAL.SECURITY Detailed Problem Description: In some cases links to content that a user does not have access to may be rendered in a menu when WCM.PATH.TRAVERSAL.SECURITY is true. Traces will show the following for the menu rendering these links: MenuQueryCach 3 Have hit maxItemsToCache threshold ::nnn:: where nnn is the value of the setting menu.cache.max.items default is 300. Problem Analysis: The maxItemsToCache threshold is hit and therefore the menu cache is no longer used instead the items are retrieved from the database as the user in question. The issue is this operation was being performed without the WCM.PATH.TRAVERSAL.SECURITY being taken into consideration. Problem Solution: Updated code to ensure the WCM.PATH.TRAVERSAL.SECURITY is used even when items are retrieved from the DB as the user. Affected Users: All users
Temporary fix
Comments
APAR Information
APAR number
PM75177
Reported component name
LOTUS WEB CONT
Reported component ID
5724I2900
Reported release
615
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-10-17
Closed date
2012-10-17
Last modified date
2012-10-17
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
LOTUS WEB CONT
Fixed component ID
5724I2900
Applicable component levels
R615 PSY
UP
[{"Business Unit":{"code":"BU051","label":"N\/A"},"Product":{"code":"SUPPORT","label":"IBM Web Content Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1.5","Line of Business":{"code":"LOB33","label":"N\/A"}}]
Document Information
Modified date:
20 December 2021