Tree: 1.3.16

allow-textarea-resize

backport-security-at-roundcube-dot-net

backport-virtuser_file-email2user-fix

changelog-release-1.7-beta

code-of-conduct-and-social-work-guidelines

compose-markdown

debounce

dependabot/npm_and_yarn/codemirror-6.0.1

dependabot/npm_and_yarn/eslint-9.15.0

dependabot/npm_and_yarn/eslint-plugin-unicorn-56.0.0

dependabot/npm_and_yarn/openpgp-6.0.0

dependabot/npm_and_yarn/tinymce-7.5.1

dev-zenmode

dev/enigma-woat

dev/push

editorconfig-javascript

exit-through-sendexit

fix-browser-tests-via-docker-compose

fix-displaying-message-rfc822-headers

fix-washing-html-from-rcmail_attachment_handler

folder-menu-create-delete

folder-reorder

folder-reorder-sortable

html-allow-array-as-content

html-allow-sandbox-attribute-for-iframe

johndoh-list-loading

makefile-path-and-clean-minified

makefile-release-helpers

master

message-render-iframe

phpstan-check-also-public_html

reduce-duplicate-workflow-runs

release-0.6

release-0.7

release-0.8

release-0.9

release-1.0

release-1.1

release-1.2

release-1.3

release-1.4

release-1.5

release-1.6

release-1.7

release-management

reminders-bot

remove-auto-reminder-bot

render-markdown

security-at-roundcube-dot-net

test-config-option-rule

test-print-view-with-very-long-lines

test-remote-access

test-with-php8.4

use-make-target-in-browser-tests-script

validate-url-parameter-for-upload

validate-url-parameter-for-upload-v1.6

very-long-lines-print-test

0.7.4

0.8.6

0.9-rc2

1.0.0

1.0.1

1.0.10

1.0.11

1.0.12

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.1-beta

1.1-rc

1.1.0

1.1.1

1.1.10

1.1.11

1.1.12

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.1.9

1.2-beta

1.2-rc

1.2.0

1.2.1

1.2.10

1.2.11

1.2.12

1.2.13

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.2.7

1.2.8

1.2.9

1.3-beta

1.3-rc

1.3.0

1.3.1

1.3.10

1.3.11

1.3.12

1.3.13

1.3.14

1.3.15

1.3.16

1.3.17

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

1.3.8

1.3.9

1.4-beta

1.4-rc1

1.4-rc2

1.4.0

1.4.1

1.4.10

1.4.11

1.4.12

1.4.13

1.4.14

1.4.15

1.4.16

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

1.4.8

1.4.9

1.5-beta

1.5-rc

1.5.0

1.5.1

1.5.10

1.5.11

1.5.2

1.5.3

1.5.4

1.5.5

1.5.6

1.5.7

1.5.8

1.5.9

1.6-beta

1.6-rc

1.6.0

1.6.1

1.6.10

1.6.11

1.6.2

1.6.3

1.6.4

1.6.5

1.6.6

1.6.7

1.6.8

1.6.9

1.7-beta

v0.1-beta2

v0.1-rc1

v0.1-rc1@582

v0.1-rc2

v0.1-rc2@900

v0.1-stable

v0.1-stable@1183

v0.1.1

v0.1.1@1258

v0.2-alpha

v0.2-alpha@1499

v0.2-beta

v0.2-beta@1877

v0.2-beta@1878

v0.2-stable

v0.2-stable@2204

v0.2.1

v0.2.1@2348

v0.2.2

v0.2.2@2481

v0.2.2@2495

v0.3-beta

v0.3-beta@2799

v0.3-rc1

v0.3-stable

v0.3-stable@2921

v0.3.1

v0.3.1@3081

v0.4-beta

v0.4-beta@3548

v0.4.1

v0.4.1@4045

v0.4.2

v0.4.2@4050

v0.5

v0.5-beta

v0.5-beta@4347

v0.5-rc

v0.5-rc@4349

v0.5.1

v0.5.1@4518

v0.5.2

v0.5.2@4679

v0.5.3

v0.5.3@4832

v0.5.4

v0.5.4@5062

v0.5.4@5065

v0.5@4408

v0.6

v0.6-beta

v0.6-rc

v0.7

v0.7-beta1

v0.7-beta2

v0.7.1

v0.7.2

v0.7.3

v0.7.4

v0.8-beta

v0.8-rc

v0.8.0

v0.8.1

v0.8.2

v0.8.3

v0.8.4

v0.8.5

v0.8.6

v0.8.7

v0.9-beta

v0.9-rc

v0.9-rc2

v0.9.0

v0.9.1

v0.9.2

v0.9.3

v0.9.4

v0.9.5

v1.0-beta

v1.0-rc

Branches Tags

${ item.name }

Create tag ${ searchTerm }

Create branch ${ searchTerm }

from '1.3.16'

${ noResults }

Commit Graph

2315 Commits (1.3.16)

Author	SHA1	Message	Date
Thomas Bruederli	50883698f3	Bump version to 1.3.16	5 years ago
Aleksander Machniak	a06ec1dcf9	Fix cross-site scripting (XSS) via HTML or Plain text messages with malicious content [CVE-2020-35730] Credits to Alex Birnberg <birnbergalex@gmail.com>	5 years ago
Thomas Bruederli	e4dc3e942c	Bump version to 1.3.15	5 years ago
Aleksander Machniak	d44ca2308a	Fix cross-site scripting (XSS) via HTML messages with malicious svg or math content	5 years ago
Thomas Bruederli	abddddb12c	Bump version to 1.3.14	5 years ago
Aleksander Machniak	1950241975	Fix cross-site scripting (XSS) via HTML messages with malicious svg/namespace Credits to SSD Secure Disclosure (https://ssd-disclosure.com/)	5 years ago
Thomas Bruederli	45dced3b8f	Bump version to 1.3.13	5 years ago
Aleksander Machniak	2bf097dcdb	Installer: Fix regression in SMTP test section (#7417)	5 years ago
Aleksander Machniak	7a792f8a90	Fix changelog [skip ci]	5 years ago
Aleksander Machniak	884eb61162	Security: Fix cross-site scripting (XSS) via malicious XML attachment	5 years ago
Aleksander Machniak	db49dba3e4	Security: Better fix for CVE-2020-12641	5 years ago
Aleksander Machniak	37e2bc7457	Security: Fix XSS issue in template object 'username' (#7406)	5 years ago
Aleksander Machniak	655cfa50cc	Security: Fix couple of XSS issues in Installer (#7406)	5 years ago
Thomas Bruederli	fe0d97e5e0	Bump version to 1.3.11	5 years ago
Aleksander Machniak	25c4861542	Update changelog	6 years ago
Aleksander Machniak	c76153e752	Fix PHP warning: "array_merge(): Expected parameter 2 to be an array, null given in sendmail.inc (#7003)	6 years ago
Aleksander Machniak	3483c6407f	Fix PHP Warning: Use of undefined constant LOG_EMERGE (#6991)	6 years ago
Aleksander Machniak	e97837ba21	Fix bug where inline images could have been ignored if Content-Id header contained redundant spaces (#6980)	6 years ago
Aleksander Machniak	5315c7507f	Update changelog	6 years ago
Aleksander Machniak	2348899a3f	Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs (#6896)	6 years ago
Aleksander Machniak	554a20fe49	Fix security issue where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class (#6897)	6 years ago
Aleksander Machniak	c0c42d1075	Fix bug where some strict remote URIs in url() style were unintentionally blocked (#6899)	6 years ago
Aleksander Machniak	d0d8c1ace5	Fix security issue where it was possible to bypass the position:fixed CSS check in received messages (#6898)	6 years ago
Thomas Bruederli	f2e610dbe5	Bump version to 1.3.10	6 years ago
Jack Cherng	45e099b0be	Fix implode() wrong parameter order (#6866) It has been deprecated in PHP 7.4. Such as PHP deprecated: implode(): Passing glue string after array is deprecated. Swap the parameters in /var/www/roundcubemail/program/lib/Roundcube/rcube_db.php on line 917 Signed-off-by: Jack Cherng <jfcherng@gmail.com>	6 years ago
Aleksander Machniak	42c473aedd	Fix wrong messages order after returning to a multi-folder search result (#6836)	6 years ago
Aleksander Machniak	22375170df	Fix bug in converting multi-page Tiff images into Jpeg (#6824) When using 'convert' binary we have to use -flatten argument (the same as we do with thumbnails) otherwise it will produce multiple output files with -0, -1, etc. suffix. This way we make sure to generate only one image until we support multi-page Tiff properly.	6 years ago
Aleksander Machniak	77c2c8155a	Fix bug where selection of columns on messages list wasn't working	6 years ago
Aleksander Machniak	70622c37e6	Fix bug where Next/Prev button in mail view didn't work with multi-folder search result (#6793)	6 years ago
Aleksander Machniak	d6f9b79be5	Update changelog	6 years ago
Aleksander Machniak	37f4c7df77	Update changelog, add some tests for rcube_utils::parse_host()	6 years ago
Aleksander Machniak	55ebae3c1e	Fix bug where bold/strong text was converted to upper-case on html-to-text conversion (6758)	6 years ago
Aleksander Machniak	de25226d31	Enigma: Fix "decryption oracle" bug [CVE-2019-10740] (#6638) When composing mail (on reply/forward/edit) we decrypt content only in the first "content part" of the message.	6 years ago
Aleksander Machniak	f8afd18713	Enigma: Fix error message when trying to encrypt with a revoked private key (#6607)	6 years ago
Aleksander Machniak	0c828a254e	Enigma: Fix bug where revoked users/keys were not greyed out in key info The 'deleted' class was assigned to the wrong (next) row in a table. It also didn't work in Elastic skin at all because of the missing style.	6 years ago
Aleksander Machniak	8b706775f3	Fix bug in parsing vCard data using PHP 7.3 due to an invalid regexp (#6744) Looks like \R is not allowed in character class, but \r\n is fine. On PHP 7.3.5 it throws warnings and empty result from preg_replace(), though I couldn't reproduce.	6 years ago
Aleksander Machniak	9cb1912553	Fix bug where bmp images couldn't be displayed on some systems (#6728)	6 years ago
Aleksander Machniak	02631baf9e	Managesieve: Fix so "Create filter" option does not show up when Filters menu is disabled (#6723)	6 years ago
Aleksander Machniak	7b8a183e9f	Bump version to 1.3.9	6 years ago
Aleksander Machniak	0bf17668b6	Fix TinyMCE download location (#6694)	6 years ago
Aleksander Machniak	27b9448d6c	Fix bug where next row wasn't selected after deleting a collapsed thread (#6655)	6 years ago
Aleksander Machniak	1dbf187a45	Fix bug when aborting dragging with ESC key didn't stop the move action (#6623) + small code improvements + focus the list on drag start to make sure it's focused state is up-to-date which is needed for proper keypress handling (e.g. ESC key on drag action)	7 years ago
Aleksander Machniak	5b6b1133dc	Update changelog	7 years ago
Aleksander Machniak	52d80f2467	Fix so mime_content_type check in Installer uses files that should always be available (i.e. from program/resources) (#6599)	7 years ago
Aleksander Machniak	1d7b488841	Fix so ANY record is not used for email domain validation, use A, MX, CNAME, AAAA instead (#6581)	7 years ago
Aleksander Machniak	b7b2afc6be	Fix PHP 7.2 compatibility in debug_logger plugin (#6586)	7 years ago
Aleksander Machniak	1418812c89	Fix bug in parsing some IMAP command responses that include unsolicited replies (#6577)	7 years ago
Aleksander Machniak	8dec8fb60a	Fix handling of empty entries in vCard import (#6564)	7 years ago
Aleksander Machniak	4619f030f2	Fix bug where a message/rfc822 part without a filename wasn't listed on the attachments list (#6494)	7 years ago
Thomas Bruederli	b1a8a4b627	Bump version to 1.3.8	7 years ago