Version 1.5.2 - SVN
-------------------
+ - Fix broken set_url_var function in functions/html.php (#1729814).
+ - Fix incorrect detection of auth mechanisms in conf.pl (#1727033).
- The search expression in the LDAP backend of the Addressbook is now
configurable, which can allow the result set to be expanded.
- Preliminary support for NAMESPACE in Squirrelmail IMAP Backend: NAMESPACE
domains. If plugins use this function, it fixes #1434043.
- Add dynamic textarea sizing slider control to compose screen (default_advanced
skin)
+ - Security: fixes for the HTML filter to counter further XSS exploits:
+ HTML attachments containing 'data:' URLs, Internet Explorer-specifc
+ charset conversion exploits, and request forgery through included
+ images. Thanks to Mikhail Markin, Tomas Kuliavas and Michael Jordon
+ for reporting these issues. [CVE-2007-1262]
+ - Fix busy loop and notice when two literals in IMAP fetch (#1739433).
+ - Resolved issue with compose session not being updated after send/save.
+ - Added ability to detect HTTP_X_FORWARDED_PROTO in get_location(),
+ thanks to Daniel Watts.
+ - Fix test for signout.php in the logged in check in init.php so it
+ cannot be circumvented by manipulating the URL. External plugins might
+ rely on init.php guaranteeing that the user is logged in.
+ - Sort readdir() output in conf.pl (#1755886).
Version 1.5.1 (branched on 2006-02-12)
--------------------------------------
projects / squirrelmail.git / blobdiff