Errata overview
Errata ID 24
Date 2015-12-09
Source package univention-self-service
Fixed in version 1.0.3-12.58.201512081132
This update addresses the following issues:
* The sender address of token emails is now changeable with the UCR variable
  umc/self-service/passwordreset/email/sender_address (Bug 40048).
* It is now possible to use the passwort reset service with the primary
  email address instead of the username (Bug 40049).
* The servername used in token emails is now configurable via the
  UCR variable umc/self-service/passwordreset/email/webserver_address
  (Bug 40107).
* Tokens aren't written to log files regardless of the configured debug level
  (Bug 39996).
* The unjoin scripts are executed when removing the package (Bug 39980).
* The links on the ucs-overview are removed when uninstalling.
  (Bug 40033).
* Redirections are now restricted to relative paths only (Bug 39981).
* Protect against denial of service attacks. The UCR variables
  umc/self-service/passwordreset/limit/.* may be used to configure request
  limits (Bug 39720).
* It's not possible to gain information about existence of users anymore
  (Bug 39939).
* The postrm script has been modified to correctly restart apache2.
Additional notes
UCS Bug number #39720