·
32 commits
to main
since this release
Changes since v0.2024.008.
Security
- Fixed anonymous comments bug: Real user ids were included in WebSocket messages (that's no good).
Fortunately, there's a popup about maybe-bugs and not writing sensitive things just yet, if starting to write anonymous comments. - Don't look at who the true author is, when deciding if an anonymous comment should be queued for moderator review or not. Otherwise, moderators can in some cases better guess who is who (if they know that "oh, this must be by a new user, since it's in the review queue").
Fixed
- In some cases, people could get two emails about the same comment. For example, if a new member replied to a moderator, then, the moderator first got a new-comment-to-review email, and then, once they had approved the comment, a you-have-a-reply email. And another case related to anonymous comments.
Internal
- More automated tests. (That's how the bugs above got discovered.)