We have just upgraded to v1.9 and when a customer places order, the auto transational email is going to that customer - and a number of other wrong customers.
This is a major security issue since it has the other customers' emails and postal addresses etc. I have googled and this problem appears to have been known for at least a year. Since we have just upgraded, I would have assumed it would have been solved by now.
How can such a serious issue have existed for over a year without action - I can't find any patches - just individuals posting their own solutions which might work.