add another applicable cve ID to the changelog,

[squirrelmail.git] / ChangeLog

diff --git a/ChangeLog b/ChangeLog
index 32a692dd9908ce302ecc44a5afdf770866141795..594c89b9d80dc65780ae00709eec9cdece2b17e6 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -199,8 +199,15 @@ Version 1.5.2 - SVN
     HTML attachments containing 'data:' URLs, Internet Explorer-specifc
     charset conversion exploits, and request forgery through included
     images. Thanks to Mikhail Markin, Tomas Kuliavas and Michael Jordon
-    for reporting these issues. [CVE-2007-1262]
+    for reporting these issues. [CVE-2007-1262, CVE-2007-2589]
   - Fix busy loop and notice when two literals in IMAP fetch (#1739433).
+  - Resolved issue with compose session not being updated after send/save.
+  - Added ability to detect HTTP_X_FORWARDED_PROTO in get_location(),
+    thanks to Daniel Watts.
+  - Fix test for signout.php in the logged in check in init.php so it
+    cannot be circumvented by manipulating the URL. External plugins might
+    rely on init.php guaranteeing that the user is logged in.
+  - Sort readdir() output in conf.pl (#1755886).
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------