projects / squirrelmail.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Updated SVG handling, closing several related vulnerabilities reported in #2831 and...
[squirrelmail.git] / doc / ChangeLog
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 446b7ebf25360284e86247450079269f2d722903..936ff6721ea11231e2491d9afac3e9ccbc59a1ac 100644 (file)
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -417,6 +417,15 @@ Version 1.5.2 - SVN
     as replied or forwarded when the draft is finally sent
   - Added option to allow returning to the message one had been
     replying to after sending 
+  - Sanitize user-supplied attachment filenames (thanks to Florian
+    Grunow for reporting this issue) [CVE-2018-8741]
+  - Changed anti-CSRF security token lifetime to be session-based.
+  - Added favicon and ability for admins to use their own by setting
+    $head_tag_extra in config_local.php (see documentation in
+    config/config_local.php)
+  - Updated SVG handling, closing several related vulnerabilities
+    (#2831) [CVE-2018-14950] [CVE-2018-14951] [CVE-2018-14952]
+    [CVE-2018-14953] [CVE-2018-14954] [CVE-2018-14955]
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------
Unnamed repository; edit this file 'description' to name the repository.