Affected Version: 2.3, 2.4
What steps will reproduce the problem?
1. Create a draft
2. Try to read it anonymously or logged under other non-privileged account, the draft got a non found (2.3) / permission problem (2.4) message
3. Go to gitweb, the draft is visible
What is the expected output? What do you see instead?
Expected output would be to protect restricted information from a public view.
This bug were initially reported on the Wikimedia/MediaWiki bugtracker, at https://bugzilla.wikimedia.org/show_bug.cgi?id=37115
Labels: -Security -NonPublic