*** SquirrelMail Devel Series 1.5 ***
*************************************
-Version 1.5.1 -- CVS
---------------------
+Version 1.5.2 - CVS
+-------------------
+ - Fix warning about array required in array_keys for display options when no
+ fontset is defined.
+ - Added "bad plugin" blacklist in configtest.php.
+ - Fix MagicHTML fix with respect to parsing of u\rl in IE.
+ - Added monitored folders option to newmail plugin.
+ - Tweaked STARTTLS option for SMTP/IMAP to allow previous settings of just
+ pure TLS not to be used to assume STARTTLS.
+ - Fixed quotes in configuration strings in administrator plugin.
+ - Fixed View as HTML link so it doesn't forget it was part of a seach result.
+ - Don't use delimiter in IMAP subscription command, when noselect folder is
+ created.
+ - Security: Possible cookie theft in src/redirect.php if
+ register_globals is enabled, and malicous site is running
+ in same domain.
+ - Stop URL parsing, if 8bit symbols or HTML entities are detected (#1356798).
+ - Added new color themes by Jeremy Landes, Tammi Maggard and Lucas Austin-Howe
+ (#1378332), (#1377567), (#1377529), (#1377528), (#1377527), (#1377526),
+ (#1377525), (#1393188).
+ - Issue loading options page always loaded the prefs
+ initial_value on display, instead of the users' value.
+ - Adding the message_body hook to src/view_html.php and src/view_text.php,
+ allowing display of unsafe images when viewing HTML attachments and when
+ HTML is in an <iframe>.
+
+Version 1.5.1 (branched on 2006-02-12)
+--------------------------------------
- New reply citation to include date and author.
- Security: Fix some possible XSS bugs.
- Norwegian Bokmal translation uses nb_NO.
- Fixed character wrapping/encoding issues in Japanese translation (#1377622).
Issue is specific to sqBodyWrap() and string function wrappers introduced in
1.5.1.
- - MagicHTML fix for comments in styles.
+ - Security: MagicHTML fix for comments in styles which allowed
+ for cross site scripting when using Internet Explorer
+ [CVE-2006-0195].
- Added 'mail' and 'sn' attributes to address book LDAP backend search
expression (#1368154).
- Added mailbox caching code by Michael Long.
- Prevent output of whitespace during plugin activation. Fixes possible
attachment corruption by incorrectly coded plugins.
- Fixed data sanitizing in calendar plugin (#1291081)(#705796).
+ - Security: Prohibit imap injection attempts (reported by Vicente Aguilera)
+ [CVE-2006-0377].
+ - Don't move messages in sqimap_msgs_list_move() function call, when target
+ mailbox is same as source mailbox. Adds fifth argument to
+ sqimap_msgs_list_move() function. Fixes possible issues on MacOS Cyrus
+ IMAP server (#1409453).
+ - Style sheets are moved to template.
+ - displayHtmlHeader() function call sends http headers in order to prevent
+ page caching.
+ - Added Template set selection.
+ - Merged patch from Steve Brown to transform current templates to css
+ based templates.
+ - Added footer template to every page.
+ - Added experimental IMAP and SMTP STARTTLS extension support.
+ - Security: Fix possible cross site scripting through the right_main
+ parameter of webmail.php. This now uses a whitelist of acceptable
+ values. [CVE-2006-0188]
+ - Disabled display of regexp compilation errors in local_file address
+ book backend.
+ - DOCTYPE tags are switched from quirks to standard compliance mode.
+ - Improved error reporting concerning THREAD, SORT and BADCHARSET.
+ - Added options to disable THREAD and SORT extension.
+ - Fixed mailbox cache issues caused by using prev/next links in
+ read_body.php.
+ - Added View as HTML support to the SquirrelMail core.
+ - Fixed bug #550557.
+ - Applied status cache patch created by Michael Long.
+ - Updated newmail plugin to make use of status cache (Michael Long)
+ - Added RECENT check to left_main.php to bold the unseen message string if
+ there are recent messages.
+ - Fixed search query in filters.php, now we respect the imap continuation
+ request (Michael Long).
+ - Fixed bug in digest message view where the from name disappeared after
+ opening a digest message.
+ - Fixed checkall link in case javascript was disabled.
+ - Rewrite of thread parsing code in order to improve performance.
+ - Adapted message squisher function to gain performance.
+ - Fixed bug #1093360, skip untagged NO responses in APPEND query.
Version 1.5.0 - 2 February 2004
-------------------------------
projects / squirrelmail.git / blobdiff