Logged in as an editor.
When creating an article using frontend publishing, published AND unpublished tags are available in the selector.
This is exposing unpublished, possibly sensitive, tags to those that should not be able to see them.
Only published tags are available to contributors of content on the front end.
Unpublished and published tags are shown and available to be selected.
Trashed and Archived Tags are not shown.
Create a new Tag, set its access to SUPER ADMINS (and unpublish it for fun).
On the frontend, log in as an EDITOR-level user, attempt to create a new contact (on the frontend) and you can see the tag that has a super admin access level (and is unpublished)... that's an editor seeing stuff that only super admins should see.
Labels | Added: ? |
Yes, I guessed you would disagree... Luckily, in the same way you disagreed for years about the "autocomplete" not being a security issue disclosing unpublished data, until I proved it was a huge issue by pulling huge amounts of Personally Identifiable Information (IP addresses included) from unpublished content on joomla.org and passing it to the JSST as proof.
So yeah...
If something is unpublished then it should be inaccessible from the frontend..
A tag with a Super Admin access level that is unpublished should never be displayed to an Editor-level user.
You must be thinking of someone else.
I'll go back to contributing instead of moaning
Keep the personal attacks coming, Brian... and I'll just keep reporting you. I genuinely feel sorry for you; it must be so hard for you to allow others to actually contribute....
Calling @richard67 as an expert on personal attacks to decide if this is a personal attack or not.
And this is the toxic environment that Joomla provides its contributors... pathetic really. Really pathetic.
@PhilETaylor It's not Joomla, it's just this guy stalking me. Sorry that I have answered him here, I did not want to hijack your issue.
We all have our stalkers. This project breeds, harbours and supports them.
Status | New | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2021-02-03 07:41:41 |
Closed_By | ⇒ | PhilETaylor |
@PhilETaylor you can reopen your issue if you wish.
About unpublished tags, the problem I see (also in the backend) is that if you hide unpublished tags from lower-privileged users, we would lose them if this user saves an article that already has unpublished (or ACL-based) tags.
Preserving them could be a bit tricky and maybe also unexpected for the editor. The question is: how would you define who can see them?
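The two behaviours under discussion, the selector that lists every non-trashed, non-archived tag (as in the report above) and the save-time problem of silently dropping tags the user was not shown, as an added example that is not part of the original issue or of Joomla's own code. The tag state values and the view level ids (Public=1, Registered=2, Special=3, Super Users=6) are assumed to match a default Joomla install; the tag data and user objects are constructed for the example.

```python
"""Model of front-end tag selection and save behaviour (constructed example, not Joomla code)."""
from dataclasses import dataclass

# Assumed Joomla content state values.
PUBLISHED, UNPUBLISHED, ARCHIVED, TRASHED = 1, 0, 2, -2


@dataclass(frozen=True)
class Tag:
    id: int
    title: str
    published: int   # one of the state values above
    access: int      # view level id required to see the tag


@dataclass(frozen=True)
class User:
    name: str
    view_levels: frozenset  # view level ids this user is authorised for


# Constructed sample data. View level ids assumed: 1 Public, 2 Registered, 3 Special, 6 Super Users.
TAGS = [
    Tag(1, "news", PUBLISHED, 1),
    Tag(2, "for-review", UNPUBLISHED, 1),
    Tag(3, "board-only", PUBLISHED, 6),
    Tag(4, "old", ARCHIVED, 1),
    Tag(5, "junk", TRASHED, 1),
]
EDITOR = User("editor", frozenset({1, 2, 3}))
SUPER_ADMIN = User("superadmin", frozenset({1, 2, 3, 6}))


def current_selector_tags(tags, user):
    """Behaviour described in the report: everything except trashed and archived is listed,
    regardless of the tag's published state or access level. `user` is unused on purpose."""
    return [t for t in tags if t.published not in (ARCHIVED, TRASHED)]


def hardened_selector_tags(tags, user):
    """Only tags that are published AND whose access level the user holds."""
    return [t for t in tags if t.published == PUBLISHED and t.access in user.view_levels]


def save_tags(existing_tag_ids, submitted_tag_ids, tags, user):
    """Merge on save so that tags the user could not see are neither dropped nor addable.

    existing_tag_ids: tags already on the article before this edit.
    submitted_tag_ids: what the user ticked in the (hardened) selector.
    Returns the sorted tag id list to persist.
    """
    visible = {t.id for t in hardened_selector_tags(tags, user)}
    # Keep anything the user was never shown; they had no way to consciously remove it.
    hidden_kept = {tid for tid in existing_tag_ids if tid not in visible}
    # Accept only choices among visible tags; a forged id for a hidden tag is ignored.
    chosen = {tid for tid in submitted_tag_ids if tid in visible}
    return sorted(hidden_kept | chosen)


if __name__ == "__main__":
    print("current selector (editor):", [t.title for t in current_selector_tags(TAGS, EDITOR)])
    print("hardened selector (editor):", [t.title for t in hardened_selector_tags(TAGS, EDITOR)])
    print("hardened selector (super admin):", [t.title for t in hardened_selector_tags(TAGS, SUPER_ADMIN)])
    # Editor unticks "news" on an article that also carries the hidden tags 2 and 3.
    print("saved tags:", save_tags([1, 2, 3], [], TAGS, EDITOR))
```

With the current selector the editor sees "for-review" (unpublished) and "board-only" (Super Users access), which is the disclosure the report describes; the hardened selector shows only "news". The merge in `save_tags` is one answer to the concern about losing tags: hidden tags already on the article survive an edit by a user who cannot see them, and a submitted id for a hidden tag is discarded rather than applied.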
So you can quickly and easily ban somebody for seven days, but when Toxic Teeman continues his campaign of abuse, personal attacks, and discouraging contributions from others (not just towards me, but towards others and new contributors), he is actively harboured & supported, by the project leadership. Double standards much.
I don't pretend to have all the answers for the issue reported. Feel free to reopen it if you like, you have that power, but as toxic Teeman has already shared his opinion, nobody else's voice or experience counts, apparently.
I can only tell you what the issue is and share the issue so that it has the widest audience so that it has the greatest chance of being resolved.
That is called contributing.
I test Joomla as gostn as you can see at "User Tracker Activity".
I'm the bad guy because I criticized team members.
The easy solution "ban" is toxic in the long run.
For Brian it's better to create a CoC and/or add him to your block list (I should do the same since he attacked me too).
For the issue itself I don't see a "make everyone happy" solution... if someone else comes up with something useful we can talk again about it.
Pleased to hear it's not just me he attacks then.
Don't make me laugh. The CoC process is null and void. Teeman is protected by those in leadership and when someone does have the balls to stand up to him he threatens legal action against the project. All documented. All facts. All provable.
Have to laugh at being accused of making personal attacks when simply stating that I disagree that something is a security issue (which never should be posted in public in the first place). I can't help it if you take it as a personal attack. The answer would have been the same to anyone.
@HLeithner I have?
@PhilETaylor @HLeithner
I think Phil's issue has value.
Please Phil, re-create your issue.
I'm now locking this one as there is too much heated conversation.
No different from the way that unpublished categories are available to be selected.
At the end of the day if you want users to create content on the front end there will always be cases like this. For me it is a desirable behaviour as I have users creating content in an unpublished category for me to review later and move to the live category.
Although I don't use tags myself I can see the same use case apply. There might even be a tag "for-review".
I do not agree with your opinion that this is a security issue nor that it is not desirable behaviour.