This repository has been archived on 2023-03-18. You can view files and clone it, but cannot push or open issues or pull requests.

Gerhard Schlager 7c4e2d33fa SECURITY: Remove auto approval when redeeming an invite (#16974) ... This security fix affects sites which have `SiteSetting.must_approve_users` enabled. There are intentional and unintentional cases where invited users can be auto approved and are deemed to have skipped the staff approval process. Instead of trying to reason about when auto-approval should happen, we have decided that enabling the `must_approve_users` setting going forward will just mean that all new users must be explicitly approved by a staff user in the review queue. The only case where users are auto approved is when the `auto_approve_email_domains` site setting is used. Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>		2022-06-02 16:10:48 +02:00
..
assets	DEV: emoji picker - make it possible to choose picker's placement and add a dedicated class for an anchor (#16969)	2022-06-01 22:24:23 +04:00
controllers	SECURITY: Remove auto approval when redeeming an invite (#16974)	2022-06-02 16:10:48 +02:00
helpers	FIX: Harmonise category body class generation on server/client (#16967)	2022-06-01 18:18:20 +01:00
jobs	FIX: Skip pulling hotlinked images for nil user bio (#16901)	2022-05-24 11:52:13 +01:00
mailers	FIX: respect user timezone in emails about silencing and suspending (#16918)	2022-05-27 13:58:54 +04:00
models	SECURITY: Remove auto approval when redeeming an invite (#16974)	2022-06-02 16:10:48 +02:00
serializers	FEATURE: user status (#16875)	2022-05-27 13:15:14 +04:00
services	FIX: fallback to default push notification icon if none exists (#16961)	2022-06-01 12:00:05 +10:00
views	FEATURE: Promote polymorphic bookmarks to default and migrate (#16729)	2022-05-23 10:07:15 +10:00