id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
11695	Comments on private posts can be view by anyone via RSS	palotasb		"If you consider that comments on a private post can contain confidential information, this is a security bug or privacy/information disclosure vulnerability.

To reproduce, create a private post and try to view the post's comment feed after you've logged out. You can see the comments, but you shouldn't.

A temporary solution is to install the plugin I've attached to this ticket, but the real solution is to modify core files."	defect (bug)	closed	high		Comments		normal	worksforme	has-patch needs-testing