Unnamed repository; edit this file 'description' to name the repository. https://git.hiegel.fr/cgit/roundcube.git/atom?h=1.0.2 2014-06-16T12:15:54Z 2014-06-16T12:15:54Z Aleksander Machniak alec@alec.pl 2014-06-16T10:40:27Z urn:sha1:702ce09f892f8d9de45e69b3ef042ebea749576a 2014-05-12T10:15:48Z Aleksander Machniak alec@alec.pl 2014-05-12T10:13:24Z urn:sha1:f92cccac38f877ab3537dcb489bb4a6216334f84 Conflicts: CHANGELOG 2014-04-25T16:41:18Z Felix Eckhofer felix@eckhofer.com 2014-03-26T12:29:33Z urn:sha1:8a4234d2fc5418fdfbc46f967de8c1731b974ba9 2014-04-25T16:40:53Z Felix Eckhofer felix@eckhofer.com 2014-03-26T13:13:40Z urn:sha1:f58a294949547ed132bf3cdb5815b68c659b992a HTTP headers X_FORWARDED_* and X_REAL_IP are only evaluated when received from an IP listed in proxy_whitelist. Furthermore, only the last non-trusted IP from X-Forwarded-For is used in place of the real ip. Without this, an attacker can easily spoof the headers and control the result of the ip or ssl check. This fixes several problems with [3a4c9f42], [4d480b36] and [a520f331] as mentioned in #1489729. Conflicts: CHANGELOG 2014-01-29T11:36:37Z Thomas Bruederli thomas@roundcube.net 2014-01-29T11:36:37Z urn:sha1:1562a83608214dd23f4d7ab3b5e9b3c8a1693ce0 2014-01-21T12:12:06Z Aleksander Machniak alec@alec.pl 2014-01-21T12:12:06Z urn:sha1:357f9c831a7b1d01a6f7dfd40f44f77acde15a54 2014-01-16T08:02:02Z Thomas Bruederli thomas@roundcube.net 2014-01-16T08:02:02Z urn:sha1:3786a48aeb27b0ee54694103e0c19808a62ff5e0 * The 'write_log' plugin hook now also supports the return property 'dir' to let plugins specify the log directory. 2013-11-15T16:45:26Z Thomas Bruederli thomas@roundcube.net 2013-11-15T16:45:26Z urn:sha1:57def0d195c91068f29acb3823f763d1ba93e435 2013-11-08T09:57:00Z Thomas Bruederli thomas@roundcube.net 2013-11-08T09:57:00Z urn:sha1:4a05e8a7e8a39aee331a1d5bc45fbc1710ac6a15 2013-11-05T10:20:14Z Aleksander Machniak alec@alec.pl 2013-11-05T10:20:14Z urn:sha1:88934b6132ac22da5a66724943837bf5cae82779