Hello everybody,
In our 2.4.6 release a couple of weeks ago we've also included a security-related change
in the way we handle files in the built-in search (through the FulltextSearchable extension).
While its more of an unexpected default behaviour than a security flaw,
I felt that it needs to be highlighted due to its potential privacy and data protection implications.
I've amended the 2.4.6 upgrading guides to describe the issue:
In short: If you're hosting sensitive files or allowing users to upload their own files,
please upgrade and read the instructions carefully.
Regards
Ingo