Closed
Bug 838037
Opened 11 years ago
Closed 11 years ago
Bugzilla API leaks full email addresses in history
Categories
(Bugzilla :: WebService, defect)
Bugzilla
WebService
Tracking
()
RESOLVED
DUPLICATE
of bug 520448
People
(Reporter: st3fan, Unassigned)
References
Details
The Bugzilla REST API does not remove full email addresses when accessed anonymous from the history items. For example, requesting the following API calls shows full email addresses: https://api-dev.bugzilla.mozilla.org/latest/bug/835983?include_fields=history First history item: --- history: - change_time: 2013-01-29T20:55:21Z changer: name: sarentz@mozilla.com ref: https://api-dev.bugzilla.mozilla.org/latest/user/sarentz@mozilla.com changes: - added: ptheriault@mozilla.com field_name: cc removed: ''
|
||
Comment 1•11 years ago
|
||
Yep, this is a known issue. Can't remember the bug # right now.
Whiteboard: DUPEME
|
||
Updated•11 years ago
|
Assignee: nobody → gerv
Component: API → BzAPI
Product: bugzilla.mozilla.org → Webtools
Version: Production → other
|
|
||
Updated•11 years ago
|
OS: Mac OS X → All
Hardware: x86 → All
|
|
||
Comment 2•11 years ago
|
||
It's not a BzAPI issue. The Bugzilla API itself does this.
|
||
Comment 3•11 years ago
|
||
Perhaps bug 520448, which is INVA since it's intentional? It was made a bit better at bug 577329, though.
|
|
||
Updated•11 years ago
|
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
|
|
||
Comment 5•11 years ago
|
||
(In reply to Reed Loden [:reed] from comment #2) > It's not a BzAPI issue. The Bugzilla API itself does this. Yep. Changed to soon. Changing back just to be thorough. Sorry for the spam.
Assignee: gerv → webservice
Component: BzAPI → WebService
Product: Webtools → Bugzilla
QA Contact: default-qa
Version: other → unspecified
You need to log in
before you can comment on or make changes to this bug.
Description
•