@ffs @wowaname @clarjon1 @administrator @empress
at no time (except during the very early days when BE was an alpha-quality product) has Pleroma ever treated direct messages as being publicly accessible.
the code explicitly performs an authorization check before disclosing any object.
if you have found an actual security problem, please report it to the bug tracker and mark it as a security issue -- it will be assigned to our security group and resolved correctly.
there are more urgent things i need to do today than deal with this, so again, if there really is a leak, please report it responsibly to our security group.
thanks