Closed de-jcup closed 4 years ago
Having wrong configured email notification was not simple to detect out of the box. So we will add an info logging about the mail topics (from, replyTo, subject, to,cc,bcc) .
The topic will NOT contain the mail text! Critical or sensitive data may be never inside the subject, but only inside text of messsage so it is okay to log the subject, to know which kind of message is sent. Email addresses are inside the log to check the target addresses are as expected as well.
sechub.notification.email.administrators
is currently set to "sechub@example.org" as a default fallback. A wrong configuration is not recognized and mails to admins are sent to the example address instead correct one.We must change this and make the setup mandatory.