github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 22:43:33 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: BCC active user emails from group SMTP (#19725)

Browse Source 
When sending emails out via group SMTP, if we
are sending them to non-staged users we want
to mask those emails with BCC, just so we don't
expose them to anyone we shouldn't. Staged users
are ones that have likely only interacted with
support via email, and will likely include other
people who were CC'd on the original email to the
group.

Co-authored-by: Martin Brennan <martin@discourse.org>
This commit is contained in:
Alan Guo Xiang Tan
2023-01-05 06:07:50 +08:00
committed by GitHub
parent f4ab3f4543
commit ab3a032b4b
8 changed files with 65 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/email/message_builder.rb
View File

@ -141,7 +141,8 @@ module Email
body: body,
charset: 'UTF-8',
from: from_value,
cc: @opts[:cc]
cc: @opts[:cc],
bcc: @opts[:bcc]
}
args[:delivery_method_options] = @opts[:delivery_method_options] if @opts[:delivery_method_options]