During the update to v17.8 (also v18.3 and v19.1), Rock automatically copies security from a File Type onto its corresponding Document Type — but only for the two built-in types: Giving Statement and General Person Document, and only if the Document Type had no View security already set on it.
We have decided to leave the custom Document Types as they are. Without knowing the original intent, we cannot assume the absence of view security was an oversight, as it may have been intentional.
To help you spot potential exposure, we added a Public Viewable badge to any Document Types and File Types that grants View access to All Users, All Authenticated Users, or All Unauthenticated Users. If you see that badge on a type you didn't intend to make public, we suggest you review its security settings.
