Bugzilla API leaks full email addresses in history

RESOLVED DUPLICATE of bug 520448

Status

()

Bugzilla
WebService
RESOLVED DUPLICATE of bug 520448
5 years ago
4 years ago

People

(Reporter: st3fan, Unassigned)

Tracking

Details

(Reporter)

Description

5 years ago
The Bugzilla REST API does not remove full email addresses when accessed anonymous from the history items.

For example, requesting the following API calls shows full email addresses:

https://api-dev.bugzilla.mozilla.org/latest/bug/835983?include_fields=history

First history item:

--- 
history: 
  - 
    change_time: 2013-01-29T20:55:21Z
    changer: 
      name: sarentz@mozilla.com
      ref: https://api-dev.bugzilla.mozilla.org/latest/user/sarentz@mozilla.com
    changes: 
      - 
        added: ptheriault@mozilla.com
        field_name: cc
        removed: ''
Yep, this is a known issue. Can't remember the bug # right now.
Whiteboard: DUPEME

Updated

5 years ago
Assignee: nobody → gerv
Component: API → BzAPI
Product: bugzilla.mozilla.org → Webtools
Version: Production → other

Updated

5 years ago
OS: Mac OS X → All
Hardware: x86 → All
It's not a BzAPI issue. The Bugzilla API itself does this.
Perhaps bug 520448, which is INVA since it's intentional? It was made a bit better at bug 577329, though.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 520448
(In reply to Reed Loden [:reed] from comment #2)
> It's not a BzAPI issue. The Bugzilla API itself does this.

Yep. Changed to soon. Changing back just to be thorough. Sorry for the spam.
Assignee: gerv → webservice
Component: BzAPI → WebService
Product: Webtools → Bugzilla
QA Contact: default-qa
Version: other → unspecified
(Reporter)

Updated

5 years ago
Duplicate of this bug: 838302

Updated

4 years ago
Whiteboard: DUPEME
You need to log in before you can comment on or make changes to this bug.