projects / squirrelmail.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fixed improper sanitizing of PHP_SELF and the lack of sanitizing of QUERY_STRING...
[squirrelmail.git] / doc / ChangeLog
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 399767f318a376aa6bdc301a7a28c4e0a3adf0e1..0eb4594438b5b12f7b0ad8fa8f41a4e2823ac870 100644 (file)
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -292,6 +292,12 @@ Version 1.5.2 - SVN
     Thanks to Kelly Fallon. (#2226470, $1473714)
   - Completed a massive update to contrib/flat2sql.pl.
   - Display visual indication of forwarded messages.
+  - Added Khmer translation (Thanks to Khoem Sokhem).
+  - Remove ability for HTML emails to use CSS positioning to overlay
+    SquirrelMail content (Thanks to Luc Beurton). (#2723196) [CVE-2009-1581]
+  - Fixed improper sanitizing of PHP_SELF and the lack of sanitizing of
+    QUERY_STRING server environment variables. (Thanks to Niels Teusink
+    and Christian Balzer). [CVE-2009-1578]
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------
Unnamed repository; edit this file 'description' to name the repository.