Pull request notification shows wrong user details (BB-4341)

Issue #4106 resolved
Halogenics created an issue

Hi there. We just completed a pull request/approve and the notification email shows the wrong user details - thought you'd want to know!

I've attached screenshots.

Comments (16)

  1. Halogenics reporter

    You're welcome. Was still doing it as of last night - has the potential to seriously freak people out I would think. We're doing pull request/approve pretty often, so give us a heads up if you want us to help test.

  2. Marcus Bertrand staff

    All,

    To clarify, this issue ONLY affects the notifications being sent out. At no point does anyone else have access to your repositories or data.

  3. Tatham Oddie

    This is causing information leakage for us. We have a corporate account that owns each of our repos. There are some worker accounts which have access to private client repos to support CI. These are named as per the client. We also have an open source project. When I accept pull requests on the open source project, it sends out notifications revealing the names of some of our clients.

  4. Former user Account Deleted

    Ours aren't even related - we've got people we've never heard of and who are completely unrelated to us accepting our pull requests.

    Any word on a fix for this guys?

  5. Marcus Bertrand staff

    Hello, we feel we have resolved the root cause of this issue. If you see anything else or similar, please raise a support request to support@bitbucket.org.

  6. Halogenics reporter

    Hi Marcus.

    We've done a full pull requests the last 24 hours, and they do now seem to be reporting to correct user.

    Look to be resolved from our point of view - many thanks.

  7. Log in to comment