
fix(mail): Apply enhanced privacy rules to activity notification emails #108177

Merged
wedamija merged 2 commits into master from danf/regression-apply-enhanced-privacy
Feb 13, 2026

@wedamija
Member

When enhanced_privacy is enabled, activity emails (regression, etc.) still leaked sensitive information via the preheader, text body, and subject line. Hide group details behind the enhanced_privacy flag.

https://linear.app/getsentry/issue/RTC-736/apply-enhanced-security-email-rules-to-regression-emails

@wedamija wedamija requested a review from a team February 12, 2026 21:36
@wedamija wedamija requested a review from a team as a code owner February 12, 2026 21:36
@github-actions github-actions bot added the Scope: Backend label (automatically applied to PRs that change backend components) Feb 12, 2026
Contributor

@cursor cursor bot left a comment

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.

{% if enhanced_privacy %}
<div class="notice">Details about this issue are not shown in this notification since enhanced privacy
controls are enabled. For more details about this issue, <a href="{{ link }}">view this issue on Sentry</a>.</div>
{% endif %}
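
Review bot: the `{% if enhanced_privacy %}` notice has no hook that lets an extending template suppress or reword it, and its copy is hardcoded to "this issue" even though it sits in generic.html, which other notification templates extend (see the review comment below). Wrapping the `<div class="notice">` in its own named block would let a child template that already renders a privacy notice override it with an empty block, and let notifications that are not about an issue replace the wording. A short template comment naming the context key that gates the notice would also help, so new notification types set `enhanced_privacy` deliberately.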

Duplicate privacy notice in user feedback emails

Low Severity

The new enhanced_privacy notice in generic.html (lines 55–58) sits outside {% block activity %} but inside {% block content %}. The new-user-feedback.html template extends generic.html and only overrides {% block activity %} — where it already renders its own privacy notice ("Details about this feedback are not shown…"). Because UserReportNotification.get_context() sets enhanced_privacy, both notices render, producing a duplicate privacy message in user feedback emails.

@wedamija wedamija force-pushed the danf/regression-apply-enhanced-privacy branch from 1a727f4 to 8a8d7e5 Compare February 13, 2026 21:23
@wedamija wedamija merged commit aedeffa into master Feb 13, 2026
76 checks passed
@wedamija wedamija deleted the danf/regression-apply-enhanced-privacy branch February 13, 2026 21:44