From 3951c8b39e070816303f6a3f4b58af3f98eee9ea Mon Sep 17 00:00:00 2001 From: Gunnstein Lye <289744+glye@users.noreply.github.com> Date: Tue, 26 Nov 2024 10:56:03 +0100 Subject: [PATCH 1/2] Added Form Uploads warning --- .../security/security_checklist.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/infrastructure_and_maintenance/security/security_checklist.md b/docs/infrastructure_and_maintenance/security/security_checklist.md index 29cfd34d29..1c264510e5 100644 --- a/docs/infrastructure_and_maintenance/security/security_checklist.md +++ b/docs/infrastructure_and_maintenance/security/security_checklist.md @@ -171,6 +171,7 @@ Use the following checklist to ensure the Roles and Policies are secure: - Is the Role of self-created new users restricted as intended? - Is there a clear Role separation between the organisation's internal and external users? - Is access to user data properly restricted, in accordance with GDPR? +- Files uploaded with the Form Builder are accessible to any user by default. If this does not suit you, restrict access to the Form Uploads folder. ### Do not use "hide" for read access restriction From 36e213cfb2b5d7ad21ff823a34857c2e5aafa0e9 Mon Sep 17 00:00:00 2001 From: Gunnstein Lye <289744+glye@users.noreply.github.com> Date: Tue, 26 Nov 2024 11:53:04 +0100 Subject: [PATCH 2/2] Update docs/infrastructure_and_maintenance/security/security_checklist.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Marek Nocoń --- .../security/security_checklist.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/infrastructure_and_maintenance/security/security_checklist.md b/docs/infrastructure_and_maintenance/security/security_checklist.md index 1c264510e5..a6fd5deba8 100644 --- a/docs/infrastructure_and_maintenance/security/security_checklist.md +++ b/docs/infrastructure_and_maintenance/security/security_checklist.md 
@@ -171,7 +171,7 @@ Use the following checklist to ensure the Roles and Policies are secure: - Is the Role of self-created new users restricted as intended? - Is there a clear Role separation between the organisation's internal and external users? - Is access to user data properly restricted, in accordance with GDPR? -- Files uploaded with the Form Builder are accessible to any user by default. If this does not suit you, restrict access to the Form Uploads folder. +- Is access to Form Builder uploads managed properly? Files uploaded with the Form Builder are accessible to any user by default. If this doesn't suit you, restrict access to the Form Uploads folder. ### Do not use "hide" for read access restriction
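Review bot: in [PATCH 1/2], the added bullet says uploads are "accessible to any user by default" without saying whether "any user" covers anonymous (not logged-in) visitors or only authenticated users. The neighbouring items already distinguish internal from external users, so the scope should be stated explicitly here; a reader deciding whether the default "suits" them needs to know who can actually reach the files.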
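Review bot: in [PATCH 2/2], the reworded bullet still ends with "restrict access to the Form Uploads folder" and gives no pointer to how that is done. Since this checklist sits under the Roles and Policies heading, name the Policy or Limitation to adjust, or link to the page that describes it. The new lead question "managed properly" is also hard to check against; something like "Is access to Form Builder uploads restricted to the users who need it?" would match the concrete style of the items above it.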