-
legoktm authored
The list unsubscribe/ endpoint now performs validation that the user making the request owns the email address they have requested be unsubscribed. Without this check, any logged-in user could unsubscribe any other email address from any list, also leaking whether that address was subscribed in the first place. Closes #531.
3d880c56