id,summary,reporter,owner,description,type,status,priority,milestone,component,version,resolution,keywords,cc 98,"Annotation based security is easy to bypass by adding "".html' to the URL",Gavin,Gavin,"Upstream security issue, see: http://jira.grails.org/browse/GPACEGI-41 Recommended fix is to set Config.groovy: grails.mime.file.extensions = false This did not leave gnuMims completely open to the world since gnuMims was configured with pessimistic security. However a logged in user may access urls that they are not authorised to.",defect,closed,blocker,0.8 - Purchasing and Inventory Improvements,gnuMims - application security,trunk,fixed,,