Security issues during auto-upgrade #3191
Description
During auto-upgrade from admin when upgrade starts and shows the
[2016-01-29 08:46:06 UTC] Job "maintenance_mode {"enable":true}" has been started
[2016-01-29 08:46:06 UTC] Magento maintenance mode is enabled.
[2016-01-29 08:46:06 UTC] Job "maintenance_mode {"enable":true}" has successfully completed
[2016-01-29 08:46:06 UTC] Job "update {"components":[{"name":"magento/product-community-edition","version":"2.0.2"}]}" has been started
[2016-01-29 08:46:06 UTC] Starting composer update...
[2016-01-29 08:46:06 UTC] ./composer.json has been updated
if at this point you go to storefront, you get to see things like https://db.tt/JkHlhi3P and this https://db.tt/pWDHbEgS.
In this case I was doing Magento 2.0.1 to 2.0.2 upgrade, but the same thing happened to me when I was doing 2.0.0 to 2.0.1 upgrade.
This lasts for around 30-40 seconds, during which you can see folder listing and errors. At no point have I actually seen maintenance page.
I am using Apache server with basically default setting, and PHP 5.6.
Happy to provide more info if needed, but I think you should be able to replicate it on your own.