projects / squirrelmail.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Updated SVG handling, closing several related vulnerabilities reported in #2831 and...
[squirrelmail.git] / doc / ChangeLog
diff --git a/doc/ChangeLog b/doc/ChangeLog
index fb04cf20618b2f6cdab6bf405b72a867994398bb..936ff6721ea11231e2491d9afac3e9ccbc59a1ac 100644 (file)
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -419,6 +419,13 @@ Version 1.5.2 - SVN
     replying to after sending 
   - Sanitize user-supplied attachment filenames (thanks to Florian
     Grunow for reporting this issue) [CVE-2018-8741]
+  - Changed anti-CSRF security token lifetime to be session-based.
+  - Added favicon and ability for admins to use their own by setting
+    $head_tag_extra in config_local.php (see documentation in
+    config/config_local.php)
+  - Updated SVG handling, closing several related vulnerabilities
+    (#2831) [CVE-2018-14950] [CVE-2018-14951] [CVE-2018-14952]
+    [CVE-2018-14953] [CVE-2018-14954] [CVE-2018-14955]
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------
Unnamed repository; edit this file 'description' to name the repository.