X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=doc%2FChangeLog;h=28a53db5c16724e8c336e69782e138b19df3ed30;hp=131881ff487e01f083c00882d92b6309f1e3eeaf;hb=8428a815aa0d99014410bf7cb1bbfc08324df8bb;hpb=34aa9765802fd89aa20442283bd1bdcec71dca3f diff --git a/doc/ChangeLog b/doc/ChangeLog index 131881ff..28a53db5 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -385,7 +385,7 @@ Version 1.5.2 - SVN shown on the message list screen - Added advanced control over the SSL context used when connecting to the SMTP and IMAP servers over SSL/TLS (thanks to Emmanuel - Dreyfus). See $imapSslOptions and $smtpSslOptions in + Dreyfus). See $imap_stream_options and $smtp_stream_options in config_local.example.php for more information. - Added ability to show login error from the IMAP server instead of traditional "Unknown user or password incorrect" (thanks to Alain 
@@ -393,6 +393,55 @@ Version 1.5.2 - SVN file or "4. General Options ==> 21. Display login error from IMAP" in the configuration tool. - Configuration tool now shows the SquirrelMail version + - Prevent session lock-up caused by filters plugin trying to move + messages in an account that is over quota. + - Added MD5 alternative to directory hash calculation + - Added ability for administrator to control whether or not users + can edit their reply-to address ($edit_reply_to in config.php) + - Added new "login_before_page_header" (boolean) hook; allows + plugins to have more explicit control over login page header + - Added new "smtp_helo_override" hook; allows plugins to override + the HELO host sent to the SMTP server when sending messages + - Added PDO support for database connections, so no external + database module needs to be installed + - Fixed insufficient sendmail command argument escaping (thanks + to Mitchel Sahertian, Beyond Security/Dawid Golunski and Filippo + Cavallarin for bringing this to our attention). [CVE-2017-7692] + - Added ability to control the display of the "Check Spelling" + button provided by the squirrelspell plugin, which allows + administrators to offer this plugin but keep it out of the way + for users who do not want it. Put sqspell_show_button=0 in + default preferences if it should be hidden by default + - Add ability for saved drafts to indicate if they are a reply + or forward and if so, to which message, and mark that message + as replied or forwarded when the draft is finally sent + - Added option to allow returning to the message one had been + replying to after sending + - Sanitize user-supplied attachment filenames (thanks to Florian + Grunow for reporting this issue) [CVE-2018-8741] + - Changed anti-CSRF security token lifetime to be session-based. 
+ - Added favicon and ability for admins to use their own by setting + $head_tag_extra in config_local.php (see documentation in + config/config_local.php) + - Updated SVG handling, closing several related vulnerabilities + (#2831) [CVE-2018-14950] [CVE-2018-14951] [CVE-2018-14952] + [CVE-2018-14953] [CVE-2018-14954] [CVE-2018-14955] + - Added IMAP ID command (RFC2971), sent after every login - use + by setting $imap_id_command_args in config/config_local.php + (see notes in config/config_local.example.php for more details) + - Added handling for RCDATA and RAWTEXT elements in HTML sanitizer + [CVE-2019-12970] + - Added the ability to modify of the value of the global $PHP_SELF + variable used throughout the SquirrelMail code (though less so + in version 1.5.2). The administrator may do so by adding the + configuration settings $php_self_pattern and $php_self_replacement + to config/config_local.php, where the pattern should be a full + regular expression including the delimiters. This may be helpful + when the web server sees traffic from a proxy so the normal + $PHP_SELF does not resolve to what it should be for the real client. + - Show more accurate filesize for uploaded files and base64-encoded + attachments (when reading a message) + - Added fixes for PHP version 8 compatibility Version 1.5.1 (branched on 2006-02-12) --------------------------------------
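Review bot: In the first hunk (@@ -385,7), the entry now points readers at $imap_stream_options and $smtp_stream_options but gives no hint that these replace the previously documented $imapSslOptions and $smtpSslOptions. If the old names appeared in any published snapshot, say so in the entry ("formerly $imapSslOptions/$smtpSslOptions"), so an administrator who set the old variables to control certificate verification does not end up with settings that are silently ignored. Also confirm that config_local.example.php uses exactly the new spellings, since that file is where this entry sends the reader.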
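Review bot: In the second hunk (@@ -393,6), the $head_tag_extra entry says to set it "in config_local.php (see documentation in config/config_local.php)", while the IMAP ID entry a few lines later points to config/config_local.example.php for its notes; the documentation reference for $head_tag_extra should probably name the example file as well, and both entries should use the same path form. The $PHP_SELF entry reads "the ability to modify of the value", where the "of" should be dropped. The security entries would be more useful to administrators with one more clause each: "Changed anti-CSRF security token lifetime to be session-based." does not say what the lifetime was before, and "Updated SVG handling, closing several related vulnerabilities" does not say what changed in behaviour. That CSRF entry is also the only new item ending in a period. For $php_self_pattern, consider noting that the pattern should be anchored tightly, since it rewrites a value "used throughout the SquirrelMail code".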