Hi all,

I manage an RT 4.2.11 deployment using Debian Wheezy, Apache 2.2, mod_fcgid.

Today we had a very concerning issue regarding a notification being sent to
a requestor even when it had been explicitly unchecked in the recipients
list. At first I didn't believe the user, but then I found this in the log:

Jun 22 11:29:08RT:[user.info<14>] [6157]
<rt-4.2.11-6157-1434965348-1424.4519-5...@rtdomain.com>
reques...@address.com is blacklisted by notification checkboxes for
this transaction. Skipping
Jun 22 11:29:55RT:[user.info<14>] [6145]
<rt-4.2.11-6145-1434965395-786.4519-5...@rtdomain.com> #4519/69938 - Scrip 59
On Correspond from web Notify Requestor and Ccs
Jun 22 11:29:56RT:[user.info<14>] [6145]
<rt-4.2.11-6145-1434965395-786.4519-5...@rtdomain.com> sent  To:
reques...@address.com

You can see that the requestor address was unchecked, but he was notified
anyway. The notification script uses a custom condition to just send the
notification when using the web interface, with the possibility of
squelching recipients manually. The default behaviour (implicit
notification to all requestors even for correspondence by mail) was
confusing for my team mates.

The only odd thing I can see in the log is that the "Blacklisted" and the
"sent to ..." entries are written by two different perl processes (PID 6157
and 6145 respectively). That didn't happen when I tried to reproduce the
issue (with no success).
Does anyone know if that's normal in mod_fcgid? Could it be the cause of
the problem?

It's a big problem for us if we cannot fully trust the platform to not
spread confidential information to unintended recipients.

Thank you in advance,

Marcos.
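
Added example, not part of the original post and not RT's own code: a log check that flags any address reported as squelched for a ticket and then mailed for the same ticket shortly afterwards, and records whether the two entries came from different PIDs as in the excerpt above. The function name, the sample lines (constructed, with placeholder addresses and each entry joined onto one line) and the message-id layout inferred from the excerpt are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the excerpt in the post; addresses and
# message-id tails are placeholders, and each entry is joined onto one line.
SAMPLE_LOG = """\
Jun 22 11:29:08RT:[user.info<14>] [6157] <rt-4.2.11-6157-1434965348-1424.4519-59-0@rt.example.com> requestor@example.com is blacklisted by notification checkboxes for this transaction. Skipping
Jun 22 11:29:55RT:[user.info<14>] [6145] <rt-4.2.11-6145-1434965395-786.4519-59-0@rt.example.com> #4519/69938 - Scrip 59 On Correspond from web Notify Requestor and Ccs
Jun 22 11:29:56RT:[user.info<14>] [6145] <rt-4.2.11-6145-1434965395-786.4519-59-0@rt.example.com> sent  To: requestor@example.com
Jun 22 11:40:02RT:[user.info<14>] [6157] <rt-4.2.11-6157-1434966002-311.4520-59-0@rt.example.com> sent  To: other@example.com
"""

# Assumed message-id layout: rt-<version>-<pid>-<epoch>-<rand>.<ticket>-<scrip>-<n>@<org>
ENTRY = re.compile(
    r"\[(?P<pid>\d+)\]\s+<rt-[\d.]+-\d+-(?P<epoch>\d+)-\d+\.(?P<ticket>\d+)-[^>]*>"
    r"\s+(?P<msg>.*)$")
SQUELCHED = re.compile(r"^(?P<addr>\S+@\S+) is blacklisted by notification checkboxes")
SENT = re.compile(r"^sent\s+(?:To|Cc|Bcc):\s*(?P<addrs>.+)$")

def find_squelch_violations(log_text, window=300):
    """Return sends to an address squelched for the same ticket up to `window` seconds earlier."""
    squelched = defaultdict(list)  # (ticket, address) -> [(epoch from message-id, pid)]
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        pid, epoch, ticket = int(m["pid"]), int(m["epoch"]), m["ticket"]
        msg = m["msg"].strip()
        if (s := SQUELCHED.match(msg)):
            squelched[(ticket, s["addr"].lower())].append((epoch, pid))
        elif (s := SENT.match(msg)):
            for addr in re.split(r"[,\s]+", s["addrs"].strip()):
                for sq_epoch, sq_pid in squelched.get((ticket, addr.lower()), []):
                    if 0 <= epoch - sq_epoch <= window:
                        findings.append({
                            "ticket": ticket, "address": addr.lower(),
                            "squelch_pid": sq_pid, "send_pid": pid,
                            "delay_s": epoch - sq_epoch,
                            "cross_process": sq_pid != pid,
                        })
    return findings

if __name__ == "__main__":
    for finding in find_squelch_violations(SAMPLE_LOG):
        print(finding)
```

The timestamps compared are the epoch values embedded in the message-ids, so the window measures the gap between the two outgoing messages being prepared rather than between the syslog entries.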
