Vulnerability With Email Address Visibility on the MPR

Published Monday, Jul 25, 2022

It has been discovered that email addresses were not hidden on the MPR, even if a user had the Hide Email Address checkbox clicked during signup or at a later time via their account page.

This could lead to an account’s email being leaked, which may be problematic if your email needs to remain private for any reason.

Users hosting their own mprweb instance will need to upgrade to commit d13e3f2 to obtain the fix. Users on the official instance will already have this issue fixed.

Hunter Wittenborn