I just noticed a major bug in the inheritance of access rights for subcategories:
How to reproduce: Create a category where only a certain group of people has access to. Now create a subcategory, without further access specifications. That subcategory violates the access rights of its main category and will be publicly available.
Expected behaviour: Subcategories should never be able to gain more rights than their main category.
Discourse version: v1.6.0.beta12 +61