X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=ChangeLog;h=978eb9fb7ff73a541702db2297bda7130628c35c;hb=5b0931c5ab52a322a629e047b098a885f951b41f;hp=07f2c5a31a0e3f9d02614b2556218c6368dd7efb;hpb=99ecf044060cdb4f2b3b7512dbfcee4406018300;p=squirrelmail.git diff --git a/ChangeLog b/ChangeLog index 07f2c5a3..978eb9fb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -461,6 +461,90 @@ Version 1.5.1 -- CVS - If you don't have any filters defined, and spam filters are disabled, no point issuing a STATUS call on INBOX for the filters plugin. - Added folder filtering controls to SMOPT_TYPE_FLDRLIST option widget. + - Security: Fixed possible XSS issue in search feature. Issue was + originally resolved in stable, but changes not migrated forward. + - Update the cached mailbox header with the \Answered flag in case of an + reply. + - Added site configuration options to bug_report plugin. Plugin is available + only to interface administrators by default. See more information in + plugins/bug_report/README file. + - E_NOTICE and unlink error message if user hits delete multiple times + before compose page has reloaded. + - Undefined variable in rare case in view_header.php + - Variable by reference fix in printer_friendly_bottom.php. + - Undefined index in addressbook backends. + - sqimap_utf7_decode_mbx_tree returns variables by reference, rather than a + return value (#1351822) + - Make test for IE6 in SendDownloadHeaders also match versions higher + than 6 (#1339211). + - Allow double quote to be used in MOTD (#1276959). + - Prevent right_frame to be set to '//www.example.com'. + - Tweak printer friendly attachment view. + - Added new compose_send_after hook. + - Added new scheme to allow multiple plugins to share the onsubmit handler + for the compose form from the compose_form hook. See plugin.txt for more + information. + - Support for LIST-SUBSCRIBED extension. This speeds up the retrieval of + the subscribed mailbox-list. + - Properly clean up temporary attachment files when saving as Draft + (#1358407) and fix attachment cleaning code on logout. + - Fixed error message in addressbook.php lookup (#1351825). + - Fixed incorrect curly escape in sqimap_append(). Error triggered by PHP 5.1 + bugfix (#1366982). + - Fixed ContentType object check in Rfc822Header class. E_NOTICE error + in PHP 5.1. + - Key value being overwritten by reuse of var in filters plugin. + - Add doc/security.txt with some hints for a more secure installation. + - Added sqauth_read_password() and sqauth_save_password() functions. + - Unset global GET, POST and COOKIE variables registered in PHP + register_globals=on setups. + - Capabilities array now contains all multivalue information provided + by the IMAP server. (Such as THREAD=SORT, THREAD=REFERENCES). + - Inclusion of Compatibility plugin automatic (no patch needed for plugin) + - Moved sqm_baseuri() into more centralized location (strings.php) + - Introduced $sendmail_args configuration variable in order to control + /usr/sbin/sendmail command arguments (#1365779). Deliver_SendMail class was + modified to provide support of $sendmail_args. Modifications broke backwards + compatibility with qmail-inject workarounds. + - Added execution error handling in Deliver_SendMail class (#1374174). + - Sanitized Draft folder error message in compose. + - Fixed character wrapping/encoding issues in Japanese translation (#1377622). + Issue is specific to sqBodyWrap() and string function wrappers introduced in + 1.5.1. + - Security: MagicHTML fix for comments in styles which allowed + for cross site scripting when using Internet Explorer + [CVE-2006-0195]. + - Added 'mail' and 'sn' attributes to address book LDAP backend search + expression (#1368154). + - Added mailbox caching code by Michael Long. + - Prevent output of whitespace during plugin activation. Fixes possible + attachment corruption by incorrectly coded plugins. + - Fixed data sanitizing in calendar plugin (#1291081)(#705796). + - Security: Prohibit imap injection attempts (reported by Vicente Aguilera) + [CVE-2006-0377]. + - Don't move messages in sqimap_msgs_list_move() function call, when target + mailbox is same as source mailbox. Adds fifth argument to + sqimap_msgs_list_move() function. Fixes possible issues on MacOS Cyrus + IMAP server (#1409453). + - Style sheets are moved to template. + - displayHtmlHeader() function call sends http headers in order to prevent + page caching. + - Added Template set selection. + - Merged patch from Steve Brown to transform current templates to css + based templates. + - Added footer template to every page. + - Added experimental IMAP and SMTP STARTTLS extension support. + - Security: Fix possible cross site scripting through the right_main + parameter of webmail.php. This now uses a whitelist of acceptable + values. [CVE-2006-0188] + - Disabled display of regexp compilation errors in local_file address + book backend. + - DOCTYPE tags are switched from quirks to standard compliance mode. + - Improved error reporting concerning THREAD, SORT and BADCHARSET. + - Added options to disable THREAD and SORT extension. + - Fixed mailbox cache issues caused by using prev/next links in + read_body.php. + - Added View as HTML support to the SquirrelMail core. Version 1.5.0 - 2 February 2004 ------------------------------- @@ -579,6 +663,8 @@ Version 1.5.0 - 2 February 2004 - Integration of delete_move_next plugin into core. - Compression of buttons/headers for message index and message body - New option to save replies in the same folder as the original message. + - Remove possible unneeded IMAP call for NAMESPACE if it was saved in the + session (suggestion by Michael Long). **************************************