Aleksander Machniak
bf599fe1cf
Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download
Thanks to rehme.infosec for reporting the issues.
2 years ago
Aleksander Machniak
24df766e28
Bring back 1.4-git as a version number
2 years ago
Aleksander Machniak
0546ce4a1e
Fix tests
2 years ago
Aleksander Machniak
1e3e457466
Fix PHP 5.4 compatibility by using pear-core-minimal 1.10.11 (#9148)
2 years ago
Aleksander Machniak
dc7b6850c6
Fix merge conflict
2 years ago
Aleksander Machniak
7b2df52ede
Fix cross-site scripting (XSS) vulnerability in handling of SVG in HTML messages (#9168)
2 years ago
Thomas Bruederli
69be0b7b81
Bump version to 1.4.14
2 years ago
Aleksander Machniak
c998034d31
Fix cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages
Thanks to Niraj Shivtarkar for the report.
2 years ago
Raoul Bhatia
10f4be7a8a
Add plugin-installer to allowed-plugins (#8680)
So we skip the confirmation question with new composer versions.
(cherry picked from commit 8bd31c5421)
Co-authored-by: Aleksander Machniak <alec@alec.pl>
3 years ago
Aleksander Machniak
e278cce6b8
Update changelog
3 years ago
Aleksander Machniak
d65dfed208
Enigma: Fix initial synchronization of private keys
3 years ago
Thomas Bruederli
784eb80e67
Bump version to 1.4.13
4 years ago
Aleksander Machniak
b2400a4b59
Security: Fix cross-site scripting (XSS) via HTML messages with malicious CSS content
4 years ago
Thomas Bruederli
786fb18c43
Revert disabling the spell check feature in defaults
This is not a change that should be done in a patch release.
4 years ago
Thomas Bruederli
ff61573803
Bump version to 1.4.12
4 years ago
Thomas Bruederli
9dfa13f4dc
Bring back spell.roundcube.net as integrated spelling service but disable by default (#8182)
This partially reverts commit 2bd421cdaf.
4 years ago
Aleksander Machniak
4e1358b4dc
Add input validation for list column/order
4 years ago
Aleksander Machniak
c8947ecb76
Rename session items 'search' and 'search_params' to 'contact_search' and 'contact_search_params'
... to fix potential conflict with the session items for mail search.
4 years ago
Aleksander Machniak
faf99bf8a2
Fix XSS issue in handling attachment filename extension in mimetype mismatch warning (#8193)
4 years ago
Thomas Bruederli
c59a5ca845
Updated changelog
4 years ago
Thomas Bruederli
2bd421cdaf
Disable the default spellchecker option using spell.roundcube.net (#8182)
... since this service is no longer available.
4 years ago
Aleksander Machniak
c09d478714
Fix variable in nl_NL localization (#8149)
4 years ago
Aleksander Machniak
28314d9e0b
Update changelog
[skip ci]
4 years ago
johndoh
27e67464fe
Fix Firefox infinite loading display on mail screen #8128 (#8129)
4 years ago
Aleksander Machniak
6adae8f9f5
Typo
[skip ci]
4 years ago
Aleksander Machniak
4bcb40e395
Fix shift + drag'n'drop menu not working Elastic skin with Chrome browser (#8107)
4 years ago
Aleksander Machniak
600a1e29ff
Fix handling of custom From addresses with names (#8106)
4 years ago
Aleksander Machniak
b44acbecbf
Fix displaying HTML body with inline images encapsulated using TNEF format (winmail.dat)
4 years ago
Aleksander Machniak
b15ff4f064
Add an option to disable TNEF decoding
4 years ago
Aleksander Machniak
15825ca283
Elastic: Fix focused or disabled button colors
4 years ago
Aleksander Machniak
2140865686
Fix bug where plus characters in attachment filename could have been ignored (#8074)
4 years ago
Aleksander Machniak
ea7d207924
Fix bug where consecutive LDAP searches could return wrong results (#8064)
4 years ago
Aleksander Machniak
18b980cfb1
Fix bug where contacts search didn't work with addressbook_search_mods set to an empty array (#7974)
4 years ago
Aleksander Machniak
d0dccc7066
Don't cache disabled_actions setting in memory
If some plugin changed the setting after first button() method
use, the change would not have been seen in the rest of the method calls.
4 years ago
Aleksander Machniak
cbb8cfcb29
Enigma: Fix bug where signature verification could fail for non-ascii bodies (#7919)
4 years ago
Aleksander Machniak
e1af03c8a4
Fix bug causing some HTML message content to be not centered in Elastic skin (#7911)
4 years ago
Thomas Bruederli
34c42f06e1
Bump version to 1.4.11
5 years ago
Aleksander Machniak
9dc276d5f2
Fix cross-site scripting (XSS) via HTML messages with malicious CSS content
Thanks to Mateusz Szymaniec (CERT Polska) for reporting the issue.
5 years ago
Aleksander Machniak
1657ff4729
Update changelog
[skip ci]
5 years ago
Marco Miltenburg
ee4ab536e6
Fixed errors in MSSQL database update scripts (#7853)
* If a column is dropped the constraint that uses that column must be dropped first.
* Removed trailing comma
* Fixed invalid SQL syntax
* Fixed syntax mistakes in MSSQL initial database script
5 years ago
Aleksander Machniak
d16f3a8f1f
Update changelog
[skip ci]
5 years ago
urusha
f4adee42ae
Honor action_domain in managesieve-forward (#7849)
5 years ago
Aleksander Machniak
ee7c568a00
Update changelog
[skip ci]
5 years ago
Aleksander Machniak
0d396383ec
Elastic: Lessc v4 compatibility issue (#7808)
5 years ago
Michal Duda
2066b2d858
Fix less mixins to be compatible with lessc 3.x and 4.x (#7815)
5 years ago
Aleksander Machniak
83d9ad3f64
Display a nice error informing about no PHP8 support
5 years ago
Thomas Bruederli
4efec49a46
Bump version to 1.4.10
5 years ago
Aleksander Machniak
0bceba301a
Fix cross-site scripting (XSS) via HTML or Plain text messages with malicious content [CVE-2020-35730]
Credits to Alex Birnberg <birnbergalex@gmail.com>
5 years ago
Aleksander Machniak
0efb565a9e
Fix state of subscription toggle on folders list after changing folder state from the search result (#7653)
5 years ago
Sebastian Abshoff
ffa21a5225
Reuse clonerow event to update toggle within active search
5 years ago