This is an old revision of this page, as edited March 29, 2017, 12:02 PM by pegasus(contribs). It may differ significantly from the current revision.
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name None VWE-ID VWE-2017-3687 Related Report None Severity HIGH Exploit Difficulty Difficult Platform Affects all platforms supported by the vulnerable versions. Description CAN-SPAM Non-compliance. Email subscriptions imported into VaultWiki using the Admin Panel's import system do not handle unsubscribe links sent from the source wiki within the past 30 days. Does not affect Lite versions.
Discovered March 1, 2017 Resolved NOT RESOLVED Patches Available None Workaround Use a MySQL query to downgrade all subscriptions from email alerts to on-site alerts:
Code:UPDATE vw_subscribe
SET notifytype = 0
Notes
The prior behavior of non-compliance was consistent with the non-compliant behavior of vBulletin's and XenForo's own importers, which likewise import subscriptions without being able to process old unsubscribe links (sent within 30 days). Other add-ons that include importer functions may also be non-compliant. While unrelated to VaultWiki, if you are using other importers, such as when importing entire forums, it is recommended that you downgrade all imported subscriptions in a similar fashion in order to keep your site compliant and avoid fines. Please contact your various software vendors for the appropriate queries in order to turn off email notifications for all imported content (threads, forums, social groups, albums, resources, and so on).
Patches for this issue downgrade incoming email subscriptions to on-site alerts for new imports. Starting with the next full version, 4.0.18, the import process will additionally send affected users a final email notification for each such subscription in order to inform them of the change, should the user wish to reactivate email notifications.