From 59478e06c25303a790a0840ab2ac30662c4ef781 Mon Sep 17 00:00:00 2001 From: Hugues Hiegel Date: Tue, 5 Aug 2014 16:46:22 +0200 Subject: c'est la merde.. --- CHANGELOG | 68 ++++++++++++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 52 insertions(+), 16 deletions(-) (limited to 'CHANGELOG') diff --git a/CHANGELOG b/CHANGELOG index dbc7447ae..32511169a 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,14 +1,33 @@ CHANGELOG Roundcube Webmail =========================== +- Fix date column width to fit the widest possible date format (#1489368) +- Move certain user preference options to a collapsed "advanced" block (#1488829) +- Add file type icons for Powerpoint and Open Office presentations (#1489225) +- Fix operations on folders with trailing spaces in name (#1489419) +- Improve identity selection based on From: header (#1489378) +- Fix issue where mails with inline images of the same name contained only the first image multiple times (#1489406) +- Use left/right arrow keys to collapse/expand thread and spacebar to select a row, change Ctrl key behavior (#1489392) +- Fix an issue where using arrow keys to go up a list can result in selected message being under headers (#1489403) +- Fix an issue where Home/End keys don't focus list row properly, don't scrollTo properly (#1489396) +- Add an option to disable smart Reply-List behaviour - reply_all_mode (#1488734) +- Fix an issue where pressing minus key on contacts list was hiding list records (#1489393) +- Fix an issue where shift + arrow-up key wasn't selecting all messages in collapsed thread (#1489397) +- Added icon for priority column in messages list header (#1489234) +- New feature "Canned Responses" to save and recall boilerplate text snippets +- Fix HTML part detection when encapsulated inside multipart/signed (#1489372) +- Add spellchecker backend for the After the Deadline service +- Replace markdown-style [1] link indexes in plain text email bodies +- Improved mailto: link arguments handling (#1489363) +- Use DOMDocument LIBXML_PARSEHUGE and LIBXML_COMPACT options if possible (#1489302) +- Support HTTP_HOST, SERVER_NAME and SERVER_ADDR values in include_host_config feature +- Make default font size for HTML messages configurable (request #118) +- Fix XSS issue in addressbook group name field [CVE-2013-5646] (#1489333) - After message is sent refresh messages list of replied message folder (#1489249) - Add option force specified domain in user login - username_domain_forced (#1489264) -- Fix expanded thread root message styling after refreshing messages list (#1489327) -- Fix issue where From address was removed from Cc and Bcc fields when editing a draft (#1489319) - Add option to import Vcards with group assignments - Save groups membership in Vcard export (#1488509) - Workaround broken PHP function timezone_name_from_abbr (#1489261) -- Fix error_reporting directive check (#1489323) - Make cached message size limit configurable - messages_cache_threshold (#1489317) - Log also failed logins to userlogins log - Add temp_dir_ttl configuration option (#1489304) @@ -69,6 +88,23 @@ CHANGELOG Roundcube Webmail - Fix export of selected contacts from search result (#1488905) - Feature to export only selected contacts from addressbook (by Phil Weir) +RELEASE 0.9.5 +------------- +- Fix failing vCard import when email address field contains spaces (#1489386) +- Fix default spell-check configuration after Google suspended their spell service +- Fix vulnerability in handling _session argument of utils/save-prefs (#1489382) +- Fix iframe onload for upload errors handling (#1489379) +- Fix address matching in Return-Path header on identity selection (#1489374) +- Fix text wrapping issue with long unwrappable lines (#1489371) +- Fixed issues where HTML comments inside style tag would hang Internet Explorer +- Hide Delivery Status Notification option when smtp_server is unset (#1489336) +- Display full attachment name using title attribute when name is too long to display (#1489320) +- Fix attachment icon issue when rare font/language is used (#1489326) +- Fix expanded thread root message styling after refreshing messages list (#1489327) +- Fix issue where From address was removed from Cc and Bcc fields when editing a draft (#1489319) +- Fix error_reporting directive check (#1489323) +- Fix de_DE localization of "About" label in Help plugin (#1489325) + RELEASE 0.9.4 ------------- - Make identities matching case insensitive (#1485480) @@ -95,8 +131,8 @@ RELEASE 0.9.3 - Fix base URL resolving on attribute values with no quotes (#1489275) - Fix wrong handling of links with '|' character (#1489276) - Fix colorspace issue on image conversion using ImageMagick (#1489270) -- Fix XSS vulnerability when editing a message "as new" or draft (#1489251) -- Fix XSS vulnerability when saving HTML signatures (#1489251) +- Fix XSS vulnerability when editing a message "as new" or draft [CVE-2013-5645] (#1489251) +- Fix XSS vulnerability when saving HTML signatures [CVE-2013-5645] (#1489251) - Fix rewrite rule in .htaccess (#1489240) - Fix detecting Turkish language in ISO-8859-9 encoding (#1489252) - Fix identity-selection using Return-Path headers (#1489241) @@ -316,7 +352,7 @@ RELEASE 0.8.5 - Fix #countcontrols issue in IE<=8 when text is very long (#1488890) - Fix unwanted horizontal scrollbar in message preview header (#1488866) - Add workaround for IE<=8 bug where Content-Disposition:inline was ignored (#1488844) -- Fix XSS vulnerability in vbscript: and data:text links handling (#1488850) +- Fix XSS vulnerability in vbscript: and data:text links handling [CVE-2012-6121] (#1488850) - Fix absolute positioning in HTML messages (#1488819) - Fix cache (in)validation after setting \Deleted flag - Fix keybord events on messages list in opera browser (#1488823) @@ -371,8 +407,8 @@ RELEASE 0.8.1 - Fix bug where domain name was converted to lower-case even with login_lc=false (#1488593) - Fix lower-casing email address on replies (#1488598) - Fix line separator in exported messages (#1488603) -- Fix XSS issue where plain signatures wasn't secured in HTML mode (#1488613) -- Fix XSS issue where href="javascript:" wasn't secured (#1488613) +- Fix XSS issue where plain signatures wasn't secured in HTML mode [CVE-2012-4668] (#1488613) +- Fix XSS issue where href="javascript:" wasn't secured [CVE-2012-3508] (#1488613) - Fix impossible to create message with empty plain text part (#1488610) - Fix stripped apostrophes when replying in plain text to HTML message (#1488606) - Fix inactive Save search option after advanced search (#1488607) @@ -407,7 +443,7 @@ RELEASE 0.8.0 - Fix removing contact photo using LDAP addressbook (#1488420) - Fix storing X-ANNIVERSARY date in vCard format (#1488527) - Update to Mail_Mime-1.8.5 (#1488521) -- Fix XSS vulnerability in message subject handling using Larry skin (#1488519) +- Fix XSS vulnerability in message subject handling using Larry skin [CVE-2012-3507] (#1488519) - Fix handling of links with various URI schemes e.g. "skype:" (#1488106) - Fix handling of links inside PRE elements on html to text conversion - Fix indexing of links on html to text conversion @@ -534,7 +570,7 @@ RELEASE 0.7 - Improved handling of some malformed values encoded with quoted-printable (#1488232) - Add possibility to do LDAP bind before searching for bind DN - Fix handling of empty tags in HTML messages (#1488225) -- Add content filter for embedded attachments to protect from XSS on IE (#1487895) +- Add content filter for embedded attachments to protect from XSS on IE [CVE-2012-1253] (#1487895) - Use strpos() instead of strstr() when possible (#1488211) - Fix handling HTML entities when converting HTML to text (#1488212) - Fix fit_string_to_size() renders browser and ui unresponsive (#1488207) @@ -702,7 +738,7 @@ RELEASE 0.6-beta RELEASE 0.5.4 ------------- -- Fix XSS vulnerability in UI messages (#1488030) +- Fix XSS vulnerability in UI messages [CVE-2011-2937] (#1488030) RELEASE 0.5.3 ------------- @@ -752,8 +788,8 @@ RELEASE 0.5.1 - Security: add optional referer check to prevent CSRF in GET requests - Fix email_dns_check setting not used for identities/contacts (#1487740) - Fix ICANN example addresses doesn't validate (#1487742) -- Security: protect login form submission from CSRF -- Security: prevent from relaying malicious requests through modcss.inc +- Security: protect login form submission from CSRF [CVE-2011-1491] +- Security: prevent from relaying malicious requests through modcss.inc [CVE-2011-1492] - Fix handling of non-image attachments in multipart/related messages (#1487750) - Fix IDNA support when IDN/INTL modules are in use (#1487742) - Fix handling of invalid HTML comments in messages (#1487759) @@ -1196,7 +1232,7 @@ RELEASE 0.3-RC1 --------------- - Fix import of vCard entries with params (#1485453) - Fix HTML messages output with empty block elements (#1485974) -- Use request tokens to protect POST requests from CSRF +- Use request tokens to protect POST requests from CSRF [CVE-2009-4076, CVE-2009-4077] - Added hook when killing a session - Added hook to write_log function (#1485971) - Performance improvements by use UID commands (#1485690) @@ -1323,7 +1359,7 @@ RELEASE 0.2.1 - Fix large search results on server without SORT capability (#1485668) - Get rid of preg_replace() with eval modifier and create_function usage (#1485686) - Bring back and tags in HTML messages -- Fix XSS vulnerability through background attributes as reported by Julien Cayssol +- Fix XSS vulnerability through background attributes [CVE-2009-0413] - Fix problems with backslash as IMAP hierarchy delimiter (#1484467) - Secure vcard export by getting rid of preg's 'e' modifier use (#1485689) - Fix authentication when submitting form with existing session (#1485679) @@ -1381,7 +1417,7 @@ RELEASE 0.2-STABLE - Allow deleting identities when multiple_identities=false (#1485435) - Added option focus_on_new_message (#1485374) - Fix html2text class autoloading on Windows (#1485505) -- Fix html signature formatting when identity save error occured (#1485426) +- Fix html signature formatting when identity save error occurred (#1485426) - Add feedback and set busy when moving folder (#1485497) - Fix 'Empty' link visibility for some languages e.g. Slovak (#1485489) - Fix messages count bar overlapping (#1485270) -- cgit v1.2.3