Get rid of vulnerable preg_replace eval and create_function (#1485686) + correctly handle base and link tags in html messages

author: thomascube <thomas@roundcube.net> 2009-01-22 14:47:23 +0000
committer: thomascube <thomas@roundcube.net> 2009-01-22 14:47:23 +0000
commit: aa055c931a68547763f7bb89425a08e8ceecb749 (patch)
tree: ece66b96ce0bc8c1f892f6c620a32c93f5df621f /CHANGELOG
parent: 4f27148d400661c81005b496ac7c05b6c6ed9483 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG
index e8ce8272a..123b24377 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,11 @@
 CHANGELOG RoundCube Webmail
 ---------------------------
 
+2009/01/22 (thomasb)
+----------
+- Get rid of preg_replace() with eval modifier and create_function usage (#1485686)
+- Bring back <base> and <link> tags in HTML messages
+
 2009/01/20 (thomasb)
 ----------
 - Fix XSS vulnerability through background attributes as reported by Julien Cayssol
author	thomascube <thomas@roundcube.net>	2009-01-22 14:47:23 +0000
committer	thomascube <thomas@roundcube.net>	2009-01-22 14:47:23 +0000
commit	aa055c931a68547763f7bb89425a08e8ceecb749 (patch)
tree	ece66b96ce0bc8c1f892f6c620a32c93f5df621f /CHANGELOG
parent	4f27148d400661c81005b496ac7c05b6c6ed9483 (diff)