The SupportUtility allows the user to enter an arbitrary e-mail address to send a copy of the e-mail to. This issue removes the option for users to enter an e-mail address to CC.
This issue also introduces a flag that prevents the TO address from being changed through the web interface. By default this flag is false. The flag can be changed in the confluence_cfg.xml once Confluence has been setup. The flag to change is admin.ui.allow.site.support.email a restart of Confluence is needed to change this flag.
This issue is rated HIGH. Please refer to http://confluence.atlassian.com/x/ZILmD for other security related issues and information on how we rate issues.