Comments from retricted blog post visible for unrestricted user

h5. Summary All comments made before the post restriction changed to "Viewing and editing restricted" will be available to all user in all updates. This is only happening for blog post, and page restriction working as expected. Tested in version 5.9.1customer's version and 6.1.3, same behavious c...

SA-CONTRIB-2013-086 - Monster Menus - Access bypass

Monster Menus includes the ability to protect the visibility of comments for each node based on hierarchical permissions. However, a carefully-crafted URL could be used to bypass these permissions, allowing an anonymous user to view the comments associated with certain nodes. In order for this fl...