MSA-20-0021: The participants table download feature did not respect the site's show user identity configuration
The participants table download always included user emails, but should have only done so when users' emails are not hidden.
Severity/Risk: | Minor |
Versions affected: | 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8 |
Versions fixed: | 3.10, 3.9.3, 3.8.6 and 3.7.9 |
Reported by: | A. Schenkel |
CVE identifier: | CVE-2020-25703 |
Changes (master): | http://g |