[Moin-devel] Security Bug (minor) : subscriber emails exposed
David Greaves
david at dgreaves.com
Thu Nov 4 08:16:30 EST 2004
Thomas Waldmann wrote:
>
>> I just noticed that if I subscribe to a page that others are
>> subscribed to, their emails are clearly visible in the To: list (and,
>> presumably, my email is in their To: list!)
>
>
> We noticed that, too, a while ago and fixed it before 1.2.4 release.
>
> So this shouldn't happen in moin 1.2.4.
>
>> Maybe all emails should be bcc'ed.
>
>
> They are - since 1.2.4 the "from" address is also used as (fake,
> not real) "to" address and all others are bcced.
OK, I'm still on 1.2.3 - glad it's OK in 1.2.4 :)
Ta
David
More information about the Moin-devel
mailing list