X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=ChangeLog;h=c5a5eb63949d7dde62e1c53579029c315cebd2c9;hb=9fe3419de2b7ac37d4aa520f4b5c49875f0bd711;hp=c941db271fff3a14fd1f73c75ac5e6b52ef6857a;hpb=bfb5513495378807720cf253c2f10b362abe14b5;p=squirrelmail.git

diff --git a/ChangeLog b/ChangeLog
index c941db27..c5a5eb63 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -90,6 +90,24 @@ Version 1.5.2 - CVS
   - Added line length setting in local_file address book backend (#1181561).
   - Removed proprietary wrap attribute from compose form (#1512681).
   - Fix URL for Read Receipts being incorrect in some cases (#1177518).
+  - Don't allow selecting INBOX as Sent, Draft or Trash folder (#1242346).
+  - Session cookies are turned on, if session.use_cookies is turned off
+    in PHP configuration (#1518885).
+  - Make the default attachment dir /var/local/squirrelmail/attach, not
+    $data_dir.
+  - Add HTML labels for form elements.
+  - Fixed spamcop web based reporting form (#1519673) and removed service
+    type options from spamcop plugin.
+  - Removed trailing ?> from function scripts.
+  - Added checks for non-existent backend to AddressBook class.
+  - Make the base for the SquirrelMail URL configurable. Adds a new variable
+    config_base_location to config.php and a new option to conf.pl. This is
+    to prevent problems in installs where our heuristic doesn't work
+    correctly (#1521299, #1460675, #1110064, #1000850, #1113791).
+  - Removed conf.pl dependency on Perl IO::Socket module. Automatic detection
+    of supported authentication mechanisms is disabled, if IO::Socket is not
+    available.
+  - Removed HTTP Status header from signout page (#1424748).
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------
@@ -586,7 +604,7 @@ Version 1.5.1 (branched on 2006-02-12)
   - Add doc/security.txt with some hints for a more secure installation.
   - Added sqauth_read_password() and sqauth_save_password() functions.
   - Unset global GET, POST and COOKIE variables registered in PHP
-    register_globals=on setups.
+    register_globals=on setups. (Also addresses: CVE-2006-2842, CVE-2006-3174)
   - Capabilities array now contains all multivalue information provided
     by the IMAP server. (Such as THREAD=SORT, THREAD=REFERENCES).
   - Inclusion of Compatibility plugin automatic (no patch needed for plugin)