Hi all,
This week's change log:
Feel free to reply to this topic if you'd like to comment on the
changes. Or better yet, if you expect a lot of discussion start a new
topic (or rejoin an existing one) about a specific change.
* In the /leave flow, do not show the resubscribe link.
This is likely the first patch with more changes to come. A vulnerability was uncovered whereby if one forwarded or CC'd a group message with the footer intact, the recipient could use the Unsubscribe link to gain access to your account. There's a vigorous discussion on beta@ about how to best implement the unsubscription link in Groups.io footers.
* Search wasn't properly handling multi-byte characters in query strings.
This would affect members who use accented, non-latin, or other special characters in UTF-8 encoding.
* When approving/rejecting a pending message in a subgroup, we weren't allowing people who weren't moderators of the subgroup but who were moderators of the parent group to do so.
Follow that? mods/owners of the primary group are implicitly mods/owners of all subgroups, regardless of whether they have been visibly given that role in the subgroups.
* No longer delete any pending messages from someone when they unsubscribe. Also, display a notice that they are not a subscriber when viewing their pending messages.
This leaves it up to the group mods to decide what to do when a moderated member posts a message but then leaves the group before the message has been approved. Previously such messages were automatically deleted. This occasionally caused consternation when the leaving was unintentional and the member promptly resumed membership: "Hey, where'd my message go?".
* Some broken emails have an empty text/plain part but a real text/html part that unfortunately is tagged 'Content-Disposition: attachment'. For this specific instance, we now ignore that and use the text/html part when displaying the message.
Wow, that really is broken. That email interface author must have been under the influence of something. Or unbelievably inexperienced with formatted email, and lacking the common sense to go look at some examples.
Comments about these others are also welcome:
INTERNAL: Relaxed requirement that the person paying for a group must be a member of that group.
CHANGE: When viewing a member's subgroup subscriptions, show 'Pending' next to pending subs.
SYSADMIN: Tested database backups.
CHANGE: Don't index Enterprise groups in the group search.
CHANGE: Added 'Topic Options' speech tag for topic actions dropdown.
BUGFIX: Searching within a specific thread did not always work.
BUGFIX: Searching within attachments didn't always work.
BUGFIX: Deleting attachments would not delete them from the new search.
CHANGE: Calendar event reminders now are sent as coming from the group itself instead of a noreply@ address.
BUGFIX: Don't show the 'Private' button when replying to a system message like a calendar event notice.
BUGFIX: Bulk remove was only working for premium groups. Fixed.
BUGFIX: The wrong email command address was listed in the Help email for switching to special notices only.
NEW: Updates to the help section for the new hashtag options.
NEW: New API endpoint /creategroup along with additional options for /createsubgroup.
BUGFIX: Deleting a single/multi-choice option in a table when someone has already selected that option caused the display of the table to break.
BUGFIX: Fixed a file descriptor leak in the code that talks with the search cluster.
Please call out any you find significant.
Shal
Shal Farley