Do not use "anonymous" updater's email in ticket notification From
|Reported by:||Owned by:|
|Severity:||normal||Keywords:||updater notification from|
With the "improvement" mentioned in comment:9, it would be possible for a malefactor to use a Trac system to send emails (new tickets or comments) that would appear to come from someone else.
Suggestion: The new
smtp_from_author feature should only use email addresses from authenticated users.