showdependencytree.cgi exposes mail addresses when the query is made by a user who is not logged in. I think the general intent is to replace addresses with names, as buglist.cgi does, so I'm filing the bug.
Version-Release number of selected component (if applicable): 2.18
How reproducible: Always
Steps to Reproduce:
1. curl -k 'https://bugzilcom/showdependencytree.cgi?id=235705'
Actual results: Email addresses are listed.
Expected results: Assignees should be listed by name.
Additional info: This is similar to bug #189835.
Oh, of course my copy/paste fu is lacking. The reproducer command should be curl -k 'https://bugzilla.redhat.com/showdependencytree.cgi?id=235705'
Verified this is the case. Taking.
Created attachment 290675: Patch for showdependencytree.cgi to hide email addresses if non-logged in user is viewing (v1). Submitting patch for review by bugzilla developers.
Fix should now be live on production and verified working. Please reopen this if not satisfactory.