RoundcubeMail

Commit Graph

Author	SHA1	Message	Date
Thomas Bruederli	9b69cce641	Update changelog	5 years ago
Thomas Bruederli	51480044d6	Bump version to 1.2.13	5 years ago
Aleksander Machniak	47e4d44f62	Fix cross-site scripting (XSS) via HTML or Plain text messages with malicious content [CVE-2020-35730] Credits to Alex Birnberg <birnbergalex@gmail.com>	5 years ago
Thomas Bruederli	c03da1a87d	Bump version to 1.2.12	5 years ago
Aleksander Machniak	589d360100	Fix cross-site scripting (XSS) via HTML messages with malicious svg or math content	5 years ago
Thomas Bruederli	ce6ebd9c38	Bump version to 1.2.11	5 years ago
Aleksander Machniak	f3d1566cf2	Fix cross-site scripting (XSS) via HTML messages with malicious svg/namespace Credits to SSD Secure Disclosure (https://ssd-disclosure.com/)	5 years ago
Thomas Bruederli	1a7b603875	Bump version to 1.2.10	5 years ago
Aleksander Machniak	cceeff2472	Fix CSRF bypass that could be used to log out an authenticated user (#7302 )	5 years ago
Aleksander Machniak	33faaed63a	Fix local file inclusion (and code execution) via crafted 'plugins' option	5 years ago
Aleksander Machniak	4694620a1e	Fix remote code execution via crafted 'im_convert_path' or 'im_identify_path' settings	5 years ago
Aleksander Machniak	4312dc4efe	Fix XSS issue in handling of CDATA in HTML messages	5 years ago
Aleksander Machniak	d3f2759a6b	Fix missing message-htmlpart1 class breaking inline CSS (#6493 )	7 years ago
Thomas Bruederli	36043cb7bc	Bump version to 1.2.9 and copyright to 2018	7 years ago
Aleksander Machniak	8d6d4a5de5	Fix regression where IMAP commands with '*' uidset argument wasn't working	7 years ago
Thomas Bruederli	7901047474	Check for non-empty uid post parameters improve fix from commit `5b7e9a2c9`	7 years ago
Thomas Bruederli	c69b851b8a	Fix regression in compressMessageSet()	7 years ago
Thomas Bruederli	9f91018a16	Bump version to 1.2.8	7 years ago
Thomas Bruederli	5b7e9a2c96	Fix check_request() bypass in places using get_uids() (#6238 ) [CVE-2018-9846]	7 years ago
Thomas Bruederli	cdeb6234a2	Fix possible IMAP command injection vulnerability (#6229 ) [CVE-2018-9846]	7 years ago
Aleksander Machniak	8e7c2f61a3	Fix bug in remote content blocking on HTML image and style tags (#6178 )	8 years ago
Thomas Bruederli	987856eee2	Bump version + add CVE ID	8 years ago
Aleksander Machniak	c68f81e01d	Update changelog	8 years ago
Aleksander Machniak	9be2224c77	Fix file disclosure vulnerability caused by insuficient input validation in relation with attachment plugins (#6026 )	8 years ago
Aleksander Machniak	cb3f44b1b9	Move "cursor" position on \r\n sequence after single-dot in a line (#5838 )	8 years ago
Aleksander Machniak	24edb8de3e	Fix parsing dot-staffed lines in multiline text (#5838 )	8 years ago
Aleksander Machniak	1fd9ad242e	Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview (#5580 )	8 years ago
Aleksander Machniak	ead587ad59	Fix bug where HTML messages could have been rendered empty on some systems (#5957 ) Consistently use $nodeName instead of $tagName property.	8 years ago
Aleksander Machniak	b786599fb0	Update changelog	8 years ago
Aleksander Machniak	5f0f579766	Ignore rewind() warnings (#5950 )	8 years ago
Thomas Bruederli	3644b02d0b	Bump version to 1.2.6	8 years ago
Aleksander Machniak	d265b5756f	Bring back rcmail_html_container_id global	8 years ago
Thomas Bruederli	5fd704ac9e	Update Changelog	8 years ago
Thomas Bruederli	54a3712ada	Modify links in html messages during Washtml DOM traversal This is a more safe approach than using regex and mitigates possible vulnerabilities using malformed html markup.	8 years ago
Thomas Bruederli	fb43d2e608	Escape textarea contents in Washtml	8 years ago
Aleksander Machniak	f9151f6830	Managesieve: Fix AM/PM suffix in vacation time selectors	8 years ago
Aleksander Machniak	822afb7afd	Update changelog	8 years ago
Aleksander Machniak	507a1e9935	Don't ignore (global) userlogins/sendmail logs in per_user_logging mode	8 years ago
Aleksander Machniak	183f68f387	Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure rcube_utils::random_bytes() result has always requested length (#5788 )	8 years ago
Aleksander Machniak	3d498cd632	Fix bug where it wasn't possible to set timezone to auto-detected value (#5782 )	8 years ago
Aleksander Machniak	913ffcfbbe	Fix SQL syntax error on MariaDB 10.2 (#5774 )	8 years ago
Aleksander Machniak	793bf96747	Enigma: Fix compatibility with assets_dir	8 years ago
Aleksander Machniak	58d7cdc3fc	Fix addressbook searching by gender (#5757 )	8 years ago
Aleksander Machniak	1b8d766447	Fix bug where it wasn't possible to scroll folders list in Edge (#5750 )	8 years ago
Aleksander Machniak	9bfacb4d3c	Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747 )	8 years ago
Thomas Bruederli	e62a7d0dfa	Bump version to 1.2.5	8 years ago
Aleksander Machniak	fc557cacfa	Add CVE ident	8 years ago
Aleksander Machniak	6e054a37d1	Password: Fix security issue in virtualmin and sasl drivers	8 years ago
Aleksander Machniak	22b34fc44b	Fix bug where base_dn setting was ignored inside group_filters (#5720 )	8 years ago
Thomas Bruederli	00874b7fbd	Add CVE identifier to recent XSS fix	8 years ago

1 2 3 4 5 ...

12444 Commits (1.2.13) All Branches Search

12444 Commits (1.2.13)

All Branches