X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=ChangeLog;h=82b20cc6980b595ec125c85b299df0c4d8b34b60;hp=8850355d7d775c67cbeb8fc394ceff310d15083d;hb=845aa0ec612c4289c9dd6bc86cb10ed0fb06adf2;hpb=37d5278dbc944c278005d94e60ce23bbf9e82cda diff --git a/ChangeLog b/ChangeLog index 8850355d..82b20cc6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -54,8 +54,6 @@ Version 1.5.1 -- CVS written by Bryan Loniewski. - Use Special Folder Color config option works again (#931956). - In POP3-class, be more liberal regarding RFC-incompliant POP3-servers. - - Disabled Korean extra functions, because they don't provide all required - options and message composition is broken. - Added Basque translation support. - Remove flag buttons / links from display if mailbox doesn't allow it. - Make used of cached ordered uid list in case of server_side_sorting. @@ -67,6 +65,51 @@ Version 1.5.1 -- CVS - Give proper error when PEAR DB not found. - Remove inappropriate strip_tags() from add-to-addressbook (#968475). - Prefs caching didn't work properly with register_globals off (#995102). + - Security: fix SQL injection vulnerability in addressbook + (CVE ID: CAN-2004-0521). + - Removed html_top and html_bottom hooks. No longer used/needed. + - Added "trailing text" for options built by SquirrelMail (text placed + after text and select list inputs on options pages) + - Custom option page values now repopulate correctly + - Added "no focus" option for compose page in display preferences (setting + reply focus to "No focus" also affects composing new messages) + - Current hook name is now globally available when running a hook ($currentHookName) + - Fix bug when Saving to Draft folder that contains special characters. + - Added size limit to signatures saved in file backend. Created error_option_save + function, that allows sending error message to options page. Thanks to Martynas + Bieliauskas for spotting big signature "option". + - Make SquirrelSpell work with safe_mode enabled, if using PHP >=4.3.0. + Patch by Ray Ferguson. + - Make IP-address in Message-ID RFC822 compliant. + - Uneditable address book entries no longer have checkboxes on addresses page. + - Alignment of title text above folder list fixed. + - Changed structure of xtra_code functions that are used by some translations. + - Added Uighur language support. + - Added status bar to compose window when "Compose In New Window" is used. + - Reenabled the move_messages_button_action hook and changed its name to + mailbox_display_button_action to promote the new location + - Making delete button, when viewing a message, consider which page was viewed + before. + - $agresive_decoding configuration option changed to $aggressive_decoding. + Fixed spelling. + - Added $lossy_encoding option (provides fix for #806698) + - Reenabled use of $default_charset option. Option works only with en_US + translation in order to prevent language/charset misconfiguration. + - Fixes for nonpopulation of folder lists and errors when emptying the trash + (provides fixes for #1019185 and #1017941) + - Fixed $custom_css loading in squirrelspell plugin. + - Turkish translation uses C character case conversion rules. Fixes php and + squirrelmail functions are assume English conversion rules. + - Fixed problem that caused an error when deleting all messages on the last page + of a paginated view (provides fix for #1014612) + - Added MySQL password/UNIX crypt support to mysql backend in the + change_password plugin + - Make SMTP Authentication detection in conf.pl more RFC-compliant. + - Fixed IMAP errors when using mail_fetch plugin to auto-fetch on login. + - Fixed folder list in Create Folders list for Courier (properly skip INBOX). + - Fixed undefined variables in sqimap_create_stream(). + - Added Bengali translation support. + - Fixed left frame mailbox list when sorting by case. Version 1.5.0 -------------------- @@ -178,7 +221,7 @@ Version 1.5.0 can enable it by setting variable in plugins/spamcop/setup.php - Fix again for Internet Explorer's stupidity of decoding characters, then executing it blindly. See http://www.securityfocus.com/archive/1/340118. - - Replaced obsolate 2mbit.com RBL with ahbl.org RBL. Bug.No.829887 + - Replaced obsolete 2mbit.com RBL with ahbl.org RBL. Bug.No.829887 - Added a sitewide override for authenticated SMTP - see authentication.txt. - Fixed sorting of sent_subfolders. Sent_subfolder plugin is hooked to special_mailbox hook. @@ -271,7 +314,7 @@ Version 1.4.0 RC 2a - Correctly fold encoded header lines. - Fix prefs caching not working correctly in PHP 4.3 caused by a stupid version checking mechanism. - - Fix XXS hole that allowed JavaScript execution by sending someone + - Fix XSS hole that allowed JavaScript execution by sending someone an email with specially crafted headers. Thanks Jason Munro, and Masato Higashiyama.