Mirror
/
RoundcubeMail
mirror of https://github.com/roundcube/roundcubemail.git
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

Fix .htaccess rewrite rules to not block .well-known URIs (#1490615) 

Conflicts:

	.htaccess
	CHANGELOG
pull/315/head
Aleksander Machniak 10 years ago
parent
7d0099f28e
commit
ded453cdc4
2 changed files with 2 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      .htaccess
  2. 1
      CHANGELOG

2
.htaccess
View File

@ -31,7 +31,7 @@ RewriteRule ^favicon\.ico$ skins/larry/images/favicon.ico
# security rules: # security rules:
# - deny access to files not containing a dot or starting with a dot # - deny access to files not containing a dot or starting with a dot
# in all locations except installer directory # in all locations except installer directory
RewriteRule ^(?!installer|[a-f0-9]{16})(\.?[^\.]+)$ - [F]
RewriteRule ^(?!installer|\.well-known\/|[a-f0-9]{16})(\.?[^\.]+)$ - [F]
# - deny access to some locations # - deny access to some locations
RewriteRule ^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F] RewriteRule ^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F]
# - deny access to some documentation files # - deny access to some documentation files

1
CHANGELOG
View File

@ -6,6 +6,7 @@ CHANGELOG Roundcube Webmail
- Fix so Installer requires PHP5 - Fix so Installer requires PHP5
- Make brute force attacks harder by re-generating security token on every failed login (#1490549) - Make brute force attacks harder by re-generating security token on every failed login (#1490549)
- Slow down brute-force attacks by waiting for a second after failed login (#1490549) - Slow down brute-force attacks by waiting for a second after failed login (#1490549)
- Fix .htaccess rewrite rules to not block .well-known URIs (#1490615)
- Fix so database_attachments::cleanup() does not remove attachments from other sessions (#1490542) - Fix so database_attachments::cleanup() does not remove attachments from other sessions (#1490542)
- Fix responses list update issue after response name change (#1490555) - Fix responses list update issue after response name change (#1490555)
- Fix bug where message preview was unintentionally reset on check-recent action (#1490563) - Fix bug where message preview was unintentionally reset on check-recent action (#1490563)

Write Preview
Loading…
Cancel
Save