Notifications API for Registrations Sends Password in Plain Text

[patdumond]

Currently, the Notifications API for Registrations sends the password field in its data. This is a security problem and the password should never be sent in an Admin notification anyway. Suggest the password field be removed from this Notification.

[jaswrks]

Coming soon .. Next Release

• (s2Member/s2Member Pro) Security Enhancement: This release removes the %%user_pass%% Replacement Code from the API Registration Notification email that is sent to a site owner; i.e., when/if it is configured by a site owner. Props @patdumond see Issue #954. This Replacement Code was removed as a security precaution.

[raamdev]

s2Member v170524 has been released and includes changes from this GitHub Issue. See the v170524 announcement for further details.

---

This issue will now be locked to further updates. If you have something to add related to this GitHub Issue, please open a new GitHub Issue and reference this one (#954).