Indentation cleanup

[squirrelmail.git] / ChangeLog

diff --git a/ChangeLog b/ChangeLog
index 927054ec110d3e38ea71c929c21f9ff28b5e611d..aa21fa2947c2d6e1d81de561015947abb467eb0f 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -65,8 +65,8 @@ Version 1.5.1 -- CVS
   - Give proper error when PEAR DB not found.
   - Remove inappropriate strip_tags() from add-to-addressbook (#968475).
   - Prefs caching didn't work properly with register_globals off (#995102).
-  - Security: fix SQL injection vulnerability in addressbook
-    [CAN-2004-0521].
+  - Security: fix SQL injection vulnerability in addressbook.
+    [CAN-2004-0521]
   - Removed html_top and html_bottom hooks.  No longer used/needed.
   - Added "trailing text" for options built by SquirrelMail (text placed
     after text and select list inputs on options pages)
@@ -174,7 +174,9 @@ Version 1.5.1 -- CVS
   - Fix listcommands plugin to behave like normal reply/compose
     links, and return to message page that originally called from.
   - Max upload file size now correctly handles a '-1' value, meaning
-    unlimited (#1094569). 
+    unlimited. (#1094569).
+  - Security: Added hook for Preferences Backend to resolve potential
+    file inclusions. [CAN-2005-0075] 
 
 Version 1.5.0
 --------------------
@@ -514,7 +516,7 @@ Version 1.2.6 -- April 29 2002
   - Added a server-side sorting global option
   - Compose in new window size can be set in Display prefs.
   - Logout error system unified.
-  - Security: Fix for a "theme passed as cookie" exploit. [CVE-2002-0516]
+  - Security: Fix for a "theme passed as cookie" exploit. [CAN-2002-0516]
   - PostgreSQL is now supported for database backed use
   - Added user option to sort messages by internal date
   - Changed attachment handling now attachments are adressed to