HTML attachments containing 'data:' URLs, Internet Explorer-specifc
charset conversion exploits, and request forgery through included
images. Thanks to Mikhail Markin, Tomas Kuliavas and Michael Jordon
- for reporting these issues. [CVE-2007-1262]
+ for reporting these issues. [CVE-2007-1262, CVE-2007-2589]
- Fix busy loop and notice when two literals in IMAP fetch (#1739433).
- Resolved issue with compose session not being updated after send/save.
- Added ability to detect HTTP_X_FORWARDED_PROTO in get_location(),
- Fix test for signout.php in the logged in check in init.php so it
cannot be circumvented by manipulating the URL. External plugins might
rely on init.php guaranteeing that the user is logged in.
+ - Sort readdir() output in conf.pl (#1755886).
+ - Made the webmail_top hook work again for plugins that want to change
+ the URI of the "right" frame; plugins have to change the value of the
+ global variable $right_frame_url
+ - No longer store all message composition sessions in the PHP session,
+ since it was not made use of and in rare cases, made sessions too big
+ - Composition restoration functionality now correctly restores attachments
+ - Added smtp_auth hook
+ - Removed "Include CCs when Forwarding Messages", which had no functionality
+ whatsoever.
+ - Added "preselected" query argument to mailbox list.
+ - Make the Message Details plugin actually show the correct entity when
+ viewing details of attached messages.
+ - Enabled user selection of address format when adding from address
+ book during message composition.
+ - Added a "short_open_tag" configuration test.
+ - Fixed outgoing messages to allow addresses such as "0@..." or "000@...",
+ etc. (#1818398).
+ - PAGE_NAME might not be defined in all plugins, which might cause a
+ "not defined" error on session timeouts.
+ - Allow custom session handlers to work correctly (and be defined at the
+ application level with SquirrelMail).
+ - Fix off-by-one in bodystructure parsing triggered by servers sending
+ a body location part (e.g. Sun Java System Messaging Server). Thanks
+ John Callahan (#1808382).
+ - Invalid initialization of To: header (#1772893).
+ - Added SquirrelMail debug mode.
+ - Handle PHP's insistence on setting the value to 'deleted' for destroyed sessions
+ (#1829098).
+ - Some IMAP servers send nil for an empty email body (See RFC2180,
+ section 4.1.3 on empty strings).
+ - Let configtest.php use optional PEAR dynamic extension loading,
+ patch by Walter Huijbers (#1833123).
+ - Fix for IMAP servers that were having problems saving sent messages
+ - Added "Secured Configuration" mode.
+ - Added edit list, checkbox, radio group, multiple-select folder list
+ and multiple-select string list option widget types.
+
Version 1.5.1 (branched on 2006-02-12)
--------------------------------------
projects / squirrelmail.git / blobdiff