Insecure message in forum login page

When requesting an email link for an account the page tells if the address exists. This is insecure and unneeded. It should be changed to a generic message “if the address is known we have sent you a link to login”

Best regards,
Sander Mathijssen

Apologies if this is not the correct place for forum bug reports

Thanks. Is there any setting option / switch for Discourse?

I find this but it’s hard to change if the logic is hard-coded:

The config file of the server should contain that option configured. If we change it to line 2096 it will not tell you if it exists.

Or perhaps this should be an issue in the Discourse repo?