Severity: CRITICAL
Location: src/Models/ForumSubscription.php:53-71
Bug: Removed members of private forums keep receiving reply notifications with body excerpts.
Fix: Join against forum_members (or re-check Forum::canView per subscriber) before building the fan-out.
Status: open. Will reply with remediation details when resolved.
Resolved.
ForumSubscription::subscribersForThread() now re-checks Forum::canView + !Forum::isPreviewOnly per subscriber before including them in the fan-out (src/Models/ForumSubscription.php).
Stale subscription rows from users who were removed from a private forum are quietly skipped. No schema change or background migration is required — the check runs at notification time, so existing rows lose access immediately when membership changes.
Minor perf cost (one extra SELECT per subscriber); acceptable for the correctness + privacy win. Will revisit with a single JOIN if subscriber lists grow large.
Locking this thread.
We noticed you are visiting from a mobile device. We are glad you are here, but know that 6502ish is best experienced on the desktop. Some features are not easily used via mobile and your experience may vary from the full experience via desktop.