X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=doc%2FChangeLog;h=00c90fade11fca06fc64aeecc0edcbdd90fc9cdc;hp=9383ce3e6752830a0e63f90b2b79f91048b2f60e;hb=192c1ab6291fe0fb5098f30a12dd15ae912531b5;hpb=81feffd238a1af2a419ae02e32273c91eb9c4f6e

diff --git a/doc/ChangeLog b/doc/ChangeLog
index 9383ce3e..00c90fad 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -412,6 +412,25 @@ Version 1.5.2 - SVN
     administrators to offer this plugin but keep it out of the way
     for users who do not want it. Put sqspell_show_button=0 in 
     default preferences if it should be hidden by default
+  - Add ability for saved drafts to indicate if they are a reply
+    or forward and if so, to which message, and mark that message
+    as replied or forwarded when the draft is finally sent
+  - Added option to allow returning to the message one had been
+    replying to after sending 
+  - Sanitize user-supplied attachment filenames (thanks to Florian
+    Grunow for reporting this issue) [CVE-2018-8741]
+  - Changed anti-CSRF security token lifetime to be session-based.
+  - Added favicon and ability for admins to use their own by setting
+    $head_tag_extra in config_local.php (see documentation in
+    config/config_local.php)
+  - Updated SVG handling, closing several related vulnerabilities
+    (#2831) [CVE-2018-14950] [CVE-2018-14951] [CVE-2018-14952]
+    [CVE-2018-14953] [CVE-2018-14954] [CVE-2018-14955]
+  - Added IMAP ID command (RFC2971), sent after every login - use
+    by setting $imap_id_command_args in config/config_local.php
+    (see notes in config/config_local.example.php for more details)
+  - Added handling for RCDATA and RAWTEXT elements in HTML sanitizer
+    [CVE-2019-12970]
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------