X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=ChangeLog;h=978eb9fb7ff73a541702db2297bda7130628c35c;hb=5b0931c5ab52a322a629e047b098a885f951b41f;hp=4006276bede6f96849c1ff2972d05014fc4f67eb;hpb=a462b928364ea57f318091de3c175cd2f7a1148e;p=squirrelmail.git

diff --git a/ChangeLog b/ChangeLog
index 4006276b..978eb9fb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -511,10 +511,40 @@ Version 1.5.1 -- CVS
   - Fixed character wrapping/encoding issues in Japanese translation (#1377622). 
     Issue is specific to sqBodyWrap() and string function wrappers introduced in 
     1.5.1.
-  - MagicHTML fix for comments in styles.
+  - Security: MagicHTML fix for comments in styles which allowed
+    for cross site scripting when using Internet Explorer
+    [CVE-2006-0195].
   - Added 'mail' and 'sn' attributes to address book LDAP backend search
     expression (#1368154).
   - Added mailbox caching code by Michael Long.
+  - Prevent output of whitespace during plugin activation. Fixes possible 
+    attachment corruption by incorrectly coded plugins.
+  - Fixed data sanitizing in calendar plugin (#1291081)(#705796).
+  - Security: Prohibit imap injection attempts (reported by Vicente Aguilera)
+    [CVE-2006-0377].
+  - Don't move messages in sqimap_msgs_list_move() function call, when target
+    mailbox is same as source mailbox. Adds fifth argument to 
+    sqimap_msgs_list_move() function. Fixes possible issues on MacOS Cyrus
+    IMAP server (#1409453).
+  - Style sheets are moved to template.
+  - displayHtmlHeader() function call sends http headers in order to prevent 
+    page caching.
+  - Added Template set selection.
+  - Merged patch from Steve Brown to transform current templates to css
+    based templates.
+  - Added footer template to every page.
+  - Added experimental IMAP and SMTP STARTTLS extension support.
+  - Security: Fix possible cross site scripting through the right_main
+    parameter of webmail.php. This now uses a whitelist of acceptable
+    values. [CVE-2006-0188]
+  - Disabled display of regexp compilation errors in local_file address
+    book backend.
+  - DOCTYPE tags are switched from quirks to standard compliance mode.
+  - Improved error reporting concerning THREAD, SORT and BADCHARSET.
+  - Added options to disable THREAD and SORT extension.
+  - Fixed mailbox cache issues caused by using prev/next links in
+    read_body.php.
+  - Added View as HTML support to the SquirrelMail core.
 
 Version 1.5.0 - 2 February 2004
 -------------------------------
@@ -633,6 +663,8 @@ Version 1.5.0 - 2 February 2004
   - Integration of delete_move_next plugin into core.
   - Compression of buttons/headers for message index and message body
   - New option to save replies in the same folder as the original message.
+  - Remove possible unneeded IMAP call for NAMESPACE if it was saved in the
+    session (suggestion by Michael Long).
 
 
 **************************************