discourse

mirror of https://github.com/discourse/discourse.git synced 2024-12-04 18:03:43 +08:00

History

Gerhard Schlager 5c91d9a629 SECURITY: Remove auto approval when redeeming an invite (#16976 ) This security fix affects sites which have `SiteSetting.must_approve_users` enabled. There are intentional and unintentional cases where invited users can be auto approved and are deemed to have skipped the staff approval process. Instead of trying to reason about when auto-approval should happen, we have decided that enabling the `must_approve_users` setting going forward will just mean that all new users must be explicitly approved by a staff user in the review queue. The only case where users are auto approved is when the `auto_approve_email_domains` site setting is used. Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>		2022-06-02 16:11:04 +02:00
..
assets	FIX: Ensure values are escaped in select-kit dropdowns (#16586 )	2022-04-28 16:31:41 +01:00
controllers	SECURITY: Remove auto approval when redeeming an invite (#16976 )	2022-06-02 16:11:04 +02:00
helpers	DEV: Support for running theme test with Ember CLI (third attempt)	2022-01-13 16:02:07 -05:00
jobs	SECURITY: Hide private categories in user activity export (#16276 )	2022-03-24 15:56:50 +10:00
mailers	DEV: Hash tokens stored from email_tokens (#14493 )	2021-11-25 09:34:39 +02:00
models	SECURITY: Remove auto approval when redeeming an invite (#16976 )	2022-06-02 16:11:04 +02:00
serializers	SECURITY: Category group permissions leaked to normal users.	2022-04-08 11:04:59 +02:00
services	FIX: Prevent "integer out of range" when merging post timings (#15723 )	2022-01-26 23:34:28 +01:00
views	DEV: Support for running theme test with Ember CLI (third attempt)	2022-01-13 16:02:07 -05:00