email addresses leaked to users on ticket's CC list
|Reported by:||Owned by:||osimons|
This is related to #153 ("if you discover any leak of e-mails information remaining for unauthorized users, please create a new ticket").
Anyone who is on a ticket's CC list will be notified by email of ticket changes, which include changes to the CC list. Although email addresses on Trac webpages show up as username@…, they are sent unobfuscated to everyone on the CC list.
What I expected to happen is for the notification email to say something like:
Changes (by username):
- cc: username@… (added)
but instead it says:
- cc: username@domain (added)
I'm marking this as a 0.11 milestone since it seems it should go along with the privacy fixes in #153.
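The expected notification output described in this ticket, as an added example that is not part of the original report and is not Trac's notification code: it renders a CC field change with the domain of each address replaced by the same ellipsis the web pages show. The function names, the `show_addresses` switch and the sample CC values are assumptions made for illustration.

```python
import re

# Hypothetical helpers for illustration; not Trac's API.
_EMAIL_RE = re.compile(r'([A-Za-z0-9._%+-]+)@[A-Za-z0-9.-]+')
_SPLIT_RE = re.compile(r'[;,\s]+')


def obfuscate(text):
    """Replace the domain of every address with the ellipsis the web UI shows."""
    return _EMAIL_RE.sub(lambda m: m.group(1) + '@…', text)


def parse_cc(value):
    """Split a CC field on commas, semicolons or whitespace, keeping order."""
    seen, entries = set(), []
    for entry in _SPLIT_RE.split(value.strip()):
        if entry and entry not in seen:
            seen.add(entry)
            entries.append(entry)
    return entries


def render_cc_change(author, old_cc, new_cc, show_addresses=False):
    """Build the 'Changes' block of a notification for a CC field edit.

    Addresses are obfuscated unless the caller explicitly opts in, so a
    code path that forgets to decide falls back to the private form.
    """
    old, new = parse_cc(old_cc), parse_cc(new_cc)
    show = (lambda s: s) if show_addresses else obfuscate
    lines = ['Changes (by %s):' % show(author)]
    lines += ['- cc: %s (added)' % show(e) for e in new if e not in old]
    lines += ['- cc: %s (removed)' % show(e) for e in old if e not in new]
    return '\n'.join(lines)


# Constructed sample values: plain usernames mixed with full addresses.
OLD_CC = 'alice, bob@example.org'
NEW_CC = 'alice, carol@example.net; dave'

if __name__ == '__main__':
    print(render_cc_change('alice', OLD_CC, NEW_CC))
```

Plain usernames pass through unchanged, and removed entries are obfuscated as well, since a "removed" line discloses an address just as an "added" line does.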