tomf
#1
When adding a File that is already in the System as an attachment, frappe creates a public copy of that file. See Attach creates public File Copy · Issue #20938 · frappe/frappe · GitHub
Related Topics:
doca
#2
After seeing the github issue, I think that this is quite a big security issue!!
Can anybody from Frappe comment on this?