Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SECURITY: do not expose user/group info #320

Merged
merged 1 commit into from Apr 26, 2022
Merged

Conversation

janzenisaac
Copy link
Contributor

@janzenisaac janzenisaac commented Apr 26, 2022

Unserialized assignee data could leak private info.

@janzenisaac janzenisaac changed the title Serialize assignment assignee SECURITY: Discourse-assign leaks user/group info Apr 26, 2022
@janzenisaac janzenisaac changed the title SECURITY: Discourse-assign leaks user/group info SECURITY: leaks user/group info Apr 26, 2022
@pmusaraj pmusaraj changed the title SECURITY: leaks user/group info SECURITY: do not expose user/group info Apr 26, 2022
@janzenisaac janzenisaac merged commit de36236 into main Apr 26, 2022
4 checks passed
@janzenisaac janzenisaac deleted the serialize-assigned-to branch April 26, 2022 15:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
2 participants