some emails leak the email addresses of LP admins
Bug #1952623 reported by
Junien F
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Launchpad itself |
Fix Released
|
Critical
|
Jürgen Gmach | ||
Bug Description
Hi,
The "mirror verification failed" emails are sent with LP admins and the mirror owner in the "To" field of the email, leaking the email addresses of all LP admins.
Could this please be changed to "Bcc" for the LP admins ? (or something more elaborate, I don't know).
Thanks !
Related branches
~jugmac00/launchpad:prevent-email-disclosure
- Colin Watson (community): Approve
-
Diff: 134 lines (+41/-16)4 files modifiedlib/lp/registry/model/distributionmirror.py (+5/-4)
lib/lp/registry/tests/test_distributionmirror.py (+15/-7)
lib/lp/translations/scripts/po_import.py (+2/-5)
lib/lp/translations/scripts/tests/test_translations_import.py (+19/-0)
Revision history for this message
| Junien F (axino) wrote | #1 |
| summary: |
- "mirror verification failed" emails leak the email addresses of LP - admins + some emails leak the email addresses of LP admins |
Revision history for this message
| Colin Watson (cjwatson) wrote | #2 |
| Changed in launchpad: | |
| status: | New → Triaged |
| importance: | Undecided → Critical |
| Changed in launchpad: | |
| assignee: | nobody → Jürgen Gmach (jugmac00) |
| status: | Triaged → In Progress |
| Changed in launchpad: | |
| status: | In Progress → Fix Committed |
| Changed in launchpad: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
Note that this also happens for translation errors emails, for a recent example :
Subject: Import problem - German (de) - bash in Ubuntu Jammy package "bash"