fix strict js/css notices (#1778815)

[squirrelmail.git] / ChangeLog

diff --git a/ChangeLog b/ChangeLog
index 015fcf1d0d5751dd84da449681d24aae24db89fc..88fc5b09255b4f71e56f479daf014ad9c09ffa3b 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -199,7 +199,7 @@ Version 1.5.2 - SVN
     HTML attachments containing 'data:' URLs, Internet Explorer-specifc
     charset conversion exploits, and request forgery through included
     images. Thanks to Mikhail Markin, Tomas Kuliavas and Michael Jordon
-    for reporting these issues. [CVE-2007-1262]
+    for reporting these issues. [CVE-2007-1262, CVE-2007-2589]
   - Fix busy loop and notice when two literals in IMAP fetch (#1739433).
   - Resolved issue with compose session not being updated after send/save.
   - Added ability to detect HTTP_X_FORWARDED_PROTO in get_location(),
@@ -207,6 +207,14 @@ Version 1.5.2 - SVN
   - Fix test for signout.php in the logged in check in init.php so it
     cannot be circumvented by manipulating the URL. External plugins might
     rely on init.php guaranteeing that the user is logged in.
+  - Sort readdir() output in conf.pl (#1755886).
+  - Made the webmail_top hook work again for plugins that want to change
+    the URI of the "right" frame; plugins have to change the value of the
+    global variable $right_frame_url
+  - No longer store all message composition sessions in the PHP session,
+    since it was not made use of and in rare cases, made sessions too big
+  - Composition restoration functionality now correctly restores attachments
+  - Added smtp_auth hook
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------