X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=ChangeLog;h=88fc5b09255b4f71e56f479daf014ad9c09ffa3b;hp=4ab602548c9c83ba9e29873bd761d1cec6d537f9;hb=93917f92375f25b02bbba71f70ee99b7e81eceb0;hpb=a7e002d2601a5e434edabe216320a2cc1a361c80

diff --git a/ChangeLog b/ChangeLog
index 4ab60254..88fc5b09 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -199,9 +199,22 @@ Version 1.5.2 - SVN
     HTML attachments containing 'data:' URLs, Internet Explorer-specifc
     charset conversion exploits, and request forgery through included
     images. Thanks to Mikhail Markin, Tomas Kuliavas and Michael Jordon
-    for reporting these issues. [CVE-2007-1262]
+    for reporting these issues. [CVE-2007-1262, CVE-2007-2589]
   - Fix busy loop and notice when two literals in IMAP fetch (#1739433).
-  - Resolved issue with compose session not being updated after send/safe.
+  - Resolved issue with compose session not being updated after send/save.
+  - Added ability to detect HTTP_X_FORWARDED_PROTO in get_location(),
+    thanks to Daniel Watts.
+  - Fix test for signout.php in the logged in check in init.php so it
+    cannot be circumvented by manipulating the URL. External plugins might
+    rely on init.php guaranteeing that the user is logged in.
+  - Sort readdir() output in conf.pl (#1755886).
+  - Made the webmail_top hook work again for plugins that want to change
+    the URI of the "right" frame; plugins have to change the value of the
+    global variable $right_frame_url
+  - No longer store all message composition sessions in the PHP session,
+    since it was not made use of and in rare cases, made sessions too big
+  - Composition restoration functionality now correctly restores attachments
+  - Added smtp_auth hook
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------