Vulnerability With Email Address Visibility on the MPR
Published Monday, Jul 25, 2022
It has been discovered that email addresses were not hidden on the MPR, even if a user had the
Hide Email Address checkbox clicked during signup or at a later time via their account page.
This could lead to an account’s email being leaked, which may be problematic if your email needs to remain private for any reason.
Users hosting their own mprweb instance will need to upgrade to commit
d13e3f2 to obtain the fix. Users on the official instance will already have this issue fixed.