also includes general cleanup of that page (Thanks to Niels Teusink).
[also CVE-2009-1578]
- Fixed unsanitized shell command in example IMAP username mapping
- function (map_yp_alias) (Thanks to Niels Teusink). [CVE-2009-1579]
+ function (map_yp_alias) (Thanks to Niels Teusink).
+ [CVE-2009-1579, CVE-2009-1381]
- Fixed session fixation issues where someone who can modify a user's
cookies could gain control of their login session. The SquirrelMail
base URI is now uniformly generated, extraneous cookies are cleaned
up and session IDs are regenerated upon every login (Thanks to Tomas
Hoger). [CVE-2009-1580]
+ - Cleanup variable name in address search for compose to clearup confusion.
+ - Remove Javascript from address search page when JavaScript is disabled.
+ - Add "Check All" function to address book when using "in-page" addressbook.
+ - Fixed the Filters plugin to allow commas in filter criteria text.
+ - In SMTP, when we EHLO with an IP, wrap it in brackets (#2793154).
+ - Bug Report plugin not handling multiple same key capabilities (thread/auth)
+ (#2796007).
+ - Removed the shut down DSBL blocklists (#2796734).
+ - Fixed broken RFC1918 reference in contrib/.htaccess and doc/.htaccess (#2798839).
+ - Stop using deprecated ereg functions. (#2820952)
+ - Remove personal data from Message ID seed. (#880029/847107)
+ - Implemented page referal verification mechanism. (Secunia Advisory SA34627)
+ - Implemented security token system. (Secunia Advisory SA34627)
+ - Fix issue with multi-part related messages not showing all attachments (#2830140).
+ - Fix for security token missing in newmail plugin (#2919418).
+ - Fix for mailto: urls containing + characters, thanks to Michael Puls II for the
+ patch.
+ - Make base URL autodetection more robust; fixes some lighttpd issues
+ (probably #1741469).
+ - Encoded From headers now properly quoted (#2830141).
+ - Multibyte strings (notably subjects) are now handled correctly (#2824813,
+ #2925731).
+ - X-DNS-Prefetch-Control: off header is now sent to browsers to prevent information
+ leakage when Firefox does DNS prefetching for URLs contained in emails.
+ - Added the ability to configure Google Mail (Gmail) as the mail server
+ behind SquirrelMail.
+ - Fix error with SpamCop reporting plugin not being able to send report as
+ emails (#1795310).
+ - Fix typo in SpamCop plugin.
+ - Reduced default time security tokens stay valid from 30 days to 2 days
+ (reduces chances of session data growing too large)
+ - Fixed minor vulnerability in Mail Fetch plugin [CVE-2010-1637/TEHTRI-SA-2010-009]
+ - Now properly quote personal part of encoded addresses when replying.
Version 1.5.1 (branched on 2006-02-12)
--------------------------------------
projects / squirrelmail.git / blobdiff