| Errata ID | 24 |
|---|---|
| Date | 2015-12-09 |
| Source package | univention-self-service |
| Fixed in version | 1.0.3-12.58.201512081132 |
| Description | This update addresses the following issues: * The sender address of token emails is now changeable with the UCR variable umc/self-service/passwordreset/email/sender_address (Bug 40048). * It is now possible to use the passwort reset service with the primary email address instead of the username (Bug 40049). * The servername used in token emails is now configurable via the UCR variable umc/self-service/passwordreset/email/webserver_address (Bug 40107). * Tokens aren't written to log files regardless of the configured debug level (Bug 39996). * The unjoin scripts are executed when removing the package (Bug 39980). * The links on the ucs-overview are removed when uninstalling. (Bug 40033). * Redirections are now restricted to relative paths only (Bug 39981). * Protect against denial of service attacks. The UCR variables umc/self-service/passwordreset/limit/.* may be used to configure request limits (Bug 39720). * It's not possible to gain information about existence of users anymore (Bug 39939). * The postrm script has been modified to correctly restart apache2. |
| Additional notes | |
| UCS Bug number | #39720 #39939 #39980 #39996 #39981 #40033 #40048 #40049 #40107 #40061 |
