X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=doc%2FChangeLog;h=42ffee7142e744b3c8b362fd8f577c97b242b836;hb=dfc64d149b23ad2e06a10ff4f187ea9ce664bbc9;hp=62378f38fcf28b8cc88a615e890fdd602aab7c88;hpb=6ce16a176c91da844b39e931a203ec25dd0c2c56;p=squirrelmail.git

diff --git a/doc/ChangeLog b/doc/ChangeLog
index 62378f38..42ffee71 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -400,6 +400,35 @@ Version 1.5.2 - SVN
     can edit their reply-to address ($edit_reply_to in config.php)
   - Added new "login_before_page_header" (boolean) hook; allows
     plugins to have more explicit control over login page header
+  - Added new "smtp_helo_override" hook; allows plugins to override
+    the HELO host sent to the SMTP server when sending messages
+  - Added PDO support for database connections, so no external
+    database module needs to be installed
+  - Fixed insufficient sendmail command argument escaping (thanks
+    to Mitchel Sahertian, Beyond Security/Dawid Golunski and Filippo
+    Cavallarin for bringing this to our attention). [CVE-2017-7692]
+  - Added ability to control the display of the "Check Spelling"
+    button provided by the squirrelspell plugin, which allows
+    administrators to offer this plugin but keep it out of the way
+    for users who do not want it. Put sqspell_show_button=0 in 
+    default preferences if it should be hidden by default
+  - Add ability for saved drafts to indicate if they are a reply
+    or forward and if so, to which message, and mark that message
+    as replied or forwarded when the draft is finally sent
+  - Added option to allow returning to the message one had been
+    replying to after sending 
+  - Sanitize user-supplied attachment filenames (thanks to Florian
+    Grunow for reporting this issue) [CVE-2018-8741]
+  - Changed anti-CSRF security token lifetime to be session-based.
+  - Added favicon and ability for admins to use their own by setting
+    $head_tag_extra in config_local.php (see documentation in
+    config/config_local.php)
+  - Updated SVG handling, closing several related vulnerabilities
+    (#2831) [CVE-2018-14950] [CVE-2018-14951] [CVE-2018-14952]
+    [CVE-2018-14953] [CVE-2018-14954] [CVE-2018-14955]
+  - Added IMAP ID command (RFC2971), sent after every login - use
+    by setting $imap_id_command_args in config/config_local.php
+    (see notes in config/config_local.example.php for more details)
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------