HTML attachments containing 'data:' URLs, Internet Explorer-specifc
charset conversion exploits, and request forgery through included
images. Thanks to Mikhail Markin, Tomas Kuliavas and Michael Jordon
- for reporting these issues. [CVE-2007-1262]
+ for reporting these issues. [CVE-2007-1262, CVE-2007-2589]
- Fix busy loop and notice when two literals in IMAP fetch (#1739433).
- Resolved issue with compose session not being updated after send/save.
- Added ability to detect HTTP_X_FORWARDED_PROTO in get_location(),
- Fix test for signout.php in the logged in check in init.php so it
cannot be circumvented by manipulating the URL. External plugins might
rely on init.php guaranteeing that the user is logged in.
+ - Sort readdir() output in conf.pl (#1755886).
Version 1.5.1 (branched on 2006-02-12)
--------------------------------------