We are facing security issue which we have raised to Fresh Service on 5th August 2019, Ticket ID: 3913354 and we are following with Fresh Service support without much luck.
2. Support ticket generated & all users notified with response.
3. The sender of the mail removes user 2 from the 'To' section of the initial mail and replies to user 1&3 via email.
4. When the mail reaches Freshservice, User 2 is added again and is notified about the response which was not intended for him.
5. We come to know about it since user 2 has responded on the notification mail in point 4.
We have already faced two issues where internal user removed the client mail ID from the mailing list and replied on email thread which is supposed to be internal communication and should not go to the client but as client email ID was part of initial mail thread, fresh service again added the email ID of the client and client got the internal communication results in client escalation.
This is very serious issue and unfortunately we are not getting any support and also not getting any update from FreshService support team. We have to escalate the issue to senior folks at Fresh Service to get the issue resolve. Please help with the escalation matrix.
As we have discussed, we are in the process of enhancing the notification for cc fields where, earlier, we provided the ticket cc field removal access only to the agent and the requester of the ticket. Hence, when a user email in cc tries to remove another cc'ed email address, the removed cc'ed email address would still receive a notification. Once the change is live, when a cc'ed user removes another user in cc, the notification for the removed cc'ed user would be suppressed.
Hope this would help your requirement without affecting any business continuity for all other customers too.
Thank you for using Freshservice!