X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=ChangeLog;h=9d78a247eb71098b58fd9ad9e122c05fc3d79b2b;hb=17886554b3f775ee12df72e3a63f7b0112548d7a;hp=0b0f5ea4f5150e0651bbcd0f9ffc6ee6e825a10a;hpb=9d0239afa62c0b640a0a6e42bff80968edd85027;p=squirrelmail.git diff --git a/ChangeLog b/ChangeLog index 0b0f5ea4..9d78a247 100644 --- a/ChangeLog +++ b/ChangeLog @@ -54,6 +54,8 @@ Version 1.5.1 -- CVS written by Bryan Loniewski. - Use Special Folder Color config option works again (#931956). - In POP3-class, be more liberal regarding RFC-incompliant POP3-servers. + - Set up language before outputing errors in auth.php to make them appear in + the correct language. - Added Basque translation support. - Remove flag buttons / links from display if mailbox doesn't allow it. - Make used of cached ordered uid list in case of server_side_sorting. @@ -65,8 +67,8 @@ Version 1.5.1 -- CVS - Give proper error when PEAR DB not found. - Remove inappropriate strip_tags() from add-to-addressbook (#968475). - Prefs caching didn't work properly with register_globals off (#995102). - - Security: fix SQL injection vulnerability in addressbook - [CAN-2004-0521]. + - Security: fix SQL injection vulnerability in addressbook. + [CAN-2004-0521] - Removed html_top and html_bottom hooks. No longer used/needed. - Added "trailing text" for options built by SquirrelMail (text placed after text and select list inputs on options pages) @@ -163,6 +165,8 @@ Version 1.5.1 -- CVS - Prevent & being eaten in set_url_var, thanks Marcin Orlowski. Fixes #1053725. - Removed internal_link hook. - Added sq_setlocale function in order to use multiple locale names. + - Set up language before outputing errors in signout.php to make them appear + in the correct language. - Added size attributes to new_mail sound tags. Fixes #818958. - Removed extra ; in SquirrelMail added Received header per RFC 822. Fixes #1088548. - Add IMAP server type "hmailserver" to make search work with hMailServer. @@ -174,9 +178,20 @@ Version 1.5.1 -- CVS - Fix listcommands plugin to behave like normal reply/compose links, and return to message page that originally called from. - Max upload file size now correctly handles a '-1' value, meaning - unlimited (#1094569). + unlimited. (#1094569). - Security: Added hook for Preferences Backend to resolve potential - file inclusions + file inclusions. [CAN-2005-0075] + - Remove Printer Friendly Clean Display config option, the cleaning + is now always done. + - Create new Options section "Compose Preferences" and move some + options from Display Preferences there; also move some around within + Display Preferences. + - Security: Fix possible file/offsite inclusion in src/webmail.php. + [CAN-2005-0103] + - Security: Fix possible XSS issues in src/webmail.php. [CAN-2005-0104] + - Fix undefined variables in src/webmail.php. + - 24hr clock format should include a leading 0. + - Removed numeric keys for plugin array in config.php Version 1.5.0 -------------------- @@ -516,7 +531,7 @@ Version 1.2.6 -- April 29 2002 - Added a server-side sorting global option - Compose in new window size can be set in Display prefs. - Logout error system unified. - - Security: Fix for a "theme passed as cookie" exploit. [CVE-2002-0516] + - Security: Fix for a "theme passed as cookie" exploit. [CAN-2002-0516] - PostgreSQL is now supported for database backed use - Added user option to sort messages by internal date - Changed attachment handling now attachments are adressed to