X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;ds=sidebyside;f=doc%2FChangeLog;h=936ff6721ea11231e2491d9afac3e9ccbc59a1ac;hb=b4218cbed1bc353d32f0694ae2045a735cc4dfb3;hp=76fbc0e2f5254d59ad82b2a85c9092f75ac3bd2b;hpb=52859dec8077413a165cd3b00cdbf54331c6a6cc;p=squirrelmail.git

diff --git a/doc/ChangeLog b/doc/ChangeLog
index 76fbc0e2..936ff672 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -407,6 +407,25 @@ Version 1.5.2 - SVN
   - Fixed insufficient sendmail command argument escaping (thanks
     to Mitchel Sahertian, Beyond Security/Dawid Golunski and Filippo
     Cavallarin for bringing this to our attention). [CVE-2017-7692]
+  - Added ability to control the display of the "Check Spelling"
+    button provided by the squirrelspell plugin, which allows
+    administrators to offer this plugin but keep it out of the way
+    for users who do not want it. Put sqspell_show_button=0 in 
+    default preferences if it should be hidden by default
+  - Add ability for saved drafts to indicate if they are a reply
+    or forward and if so, to which message, and mark that message
+    as replied or forwarded when the draft is finally sent
+  - Added option to allow returning to the message one had been
+    replying to after sending 
+  - Sanitize user-supplied attachment filenames (thanks to Florian
+    Grunow for reporting this issue) [CVE-2018-8741]
+  - Changed anti-CSRF security token lifetime to be session-based.
+  - Added favicon and ability for admins to use their own by setting
+    $head_tag_extra in config_local.php (see documentation in
+    config/config_local.php)
+  - Updated SVG handling, closing several related vulnerabilities
+    (#2831) [CVE-2018-14950] [CVE-2018-14951] [CVE-2018-14952]
+    [CVE-2018-14953] [CVE-2018-14954] [CVE-2018-14955]
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------