summaryrefslogtreecommitdiff
path: root/CHANGELOG
diff options
context:
space:
mode:
authorthomascube <thomas@roundcube.net>2009-01-22 14:47:23 +0000
committerthomascube <thomas@roundcube.net>2009-01-22 14:47:23 +0000
commitaa055c931a68547763f7bb89425a08e8ceecb749 (patch)
treeece66b96ce0bc8c1f892f6c620a32c93f5df621f /CHANGELOG
parent4f27148d400661c81005b496ac7c05b6c6ed9483 (diff)
Get rid of vulnerable preg_replace eval and create_function (#1485686) + correctly handle base and link tags in html messages
Diffstat (limited to 'CHANGELOG')
-rw-r--r--CHANGELOG5
1 files changed, 5 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG
index e8ce8272a..123b24377 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,11 @@
CHANGELOG RoundCube Webmail
---------------------------
+2009/01/22 (thomasb)
+----------
+- Get rid of preg_replace() with eval modifier and create_function usage (#1485686)
+- Bring back <base> and <link> tags in HTML messages
+
2009/01/20 (thomasb)
----------
- Fix XSS vulnerability through background attributes as reported by Julien Cayssol