From d3553d9335c6b50a1120ba3760b6965d1d9693d7 Mon Sep 17 00:00:00 2001 From: Georg Lehner Date: Thu, 6 Jun 2024 16:55:53 +0200 Subject: [PATCH] Add warning about new default to HELPDESK_ENABLE_ATTACHEMENTS --- docs/settings.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/settings.rst b/docs/settings.rst index ea1529b7..004a06bf 100644 --- a/docs/settings.rst +++ b/docs/settings.rst @@ -61,6 +61,12 @@ Settings related to attachments: attached to tickets and followups, and emails are searched for attachments which are then attached to the ticket. Also enables the ``HELPDESK_ALWAYS_SAVE_INCOMING_EMAIL_MESSAGE`` setting. + + **Caution**: Until version 1.2.0 attachments were enabled by + default. Since uploaded files by default are published without access + control this can lead to unintended exposure of sensitive + data. The default is now to disable attachments by default. Only + enable attachments if you have secured access to them. - **HELPDESK_VALID_EXTENSIONS** Valid extensions for file types that can be attached to tickets. Note: This used to be called **VALID_EXTENSIONS** which is now deprecated.