X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;ds=sidebyside;f=doc%2FChangeLog;h=4eb9f53f0fb7475996a2a197e58ccad90e896d70;hb=a28de4194b8f41675c0034aeabee86ab35a8c00f;hp=234feac5b87f0a4de3b85b3e1ccbd560a99c9bcd;hpb=f43698c16073faebd44898def87a8c40df8f4530;p=squirrelmail.git diff --git a/doc/ChangeLog b/doc/ChangeLog index 234feac5..4eb9f53f 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -293,6 +293,8 @@ Version 1.5.2 - SVN - Completed a massive update to contrib/flat2sql.pl. - Display visual indication of forwarded messages. - Added Khmer translation (Thanks to Khoem Sokhem). + - Removed use of session_unregister() for compatibility with PHP 5.3.0 + and PHP 6 - Remove ability for HTML emails to use CSS positioning to overlay SquirrelMail content (Thanks to Luc Beurton). (#2723196) [CVE-2009-1581] - Fixed improper sanitizing of PHP_SELF and the lack of sanitizing of @@ -301,6 +303,19 @@ Version 1.5.2 - SVN - Fixed the lack of sanitizing of contrib/decrypt_headers.php input; also includes general cleanup of that page (Thanks to Niels Teusink). [also CVE-2009-1578] + - Fixed unsanitized shell command in example IMAP username mapping + function (map_yp_alias) (Thanks to Niels Teusink). + [CVE-2009-1579, CVE-2009-1381] + - Fixed session fixation issues where someone who can modify a user's + cookies could gain control of their login session. The SquirrelMail + base URI is now uniformly generated, extraneous cookies are cleaned + up and session IDs are regenerated upon every login (Thanks to Tomas + Hoger). [CVE-2009-1580] + - Cleanup variable name in address search for compose to clearup confusion. + - Remove Javascript from address search page when JavaScript is disabled. + - Add "Check All" function to address book when using "in-page" addressbook. + - Fixed the Filters plugin to allow commas in filter criteria text. + - In SMTP, when we EHLO with an IP, wrap it in brackets (#2793154). Version 1.5.1 (branched on 2006-02-12) --------------------------------------