43aaaa5286
Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes
Reported by Valentin T. and Lutz Wolf of CrowdStrike.
1 year ago
cde4522c5c
Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences
Reported by Huy Nguyễn Phạm Nhật.
1 year ago
5ea9f37ce3
Fix command injection via crafted im_convert_path/im_identify_path on Windows
Reported by Huy Nguyễn Phạm Nhật.
1 year ago
b9493988d8
Fix PHP8 warning ( #9429 )
1 year ago
16fe3ba8c5
Fix PHP8 warnings ( #9388 )
1 year ago
d7aeef4971
Update changelog
[skip ci]
1 year ago
8cd27b456d
Minor correction to Serbian translation. ( #9389 )
1 year ago
0d7f2f51f1
csv2vard: store labels by key not value ( #9394 )
1 year ago
3d04da2aab
Fix PHP8 warnings ( #9365 )
1 year ago
5f66eac79d
Fix PHP8 warnings ( #9363 )
1 year ago
063b41f3d0
Rename default_host to imap_host in a comment
1 year ago
b95b36288d
CI: Bump actions/setup-java and actions/setup-node
2 years ago
c7cc349044
CI: Disable mobile mode browser tests
2 years ago
a1c74eb8b4
Fix bug in collapsing/expanding folders with some special characters in names ( #9324 )
2 years ago
549f99cf8c
Fix bug where HTML entities in URLs were not decoded on HTML to plain text conversion ( #9312 )
2 years ago
cadc82e1b5
Makefile: Use phpDocumentor v3.4 for the Framework docs ( #9313 )
2 years ago
3ba78d3a1b
Fix PHP8 warnings ( #9306 )
2 years ago
c95865e8a2
Fix PHP8 warnings ( #9306 )
2 years ago
9bd13574fb
Clear IMAP capabilities on connection close
Fixes the state on connection close, so when you reconnect there's use
of old capabiltieis. This fixes the following scenario:
- user connects to imap and authenticates using LOGIN command,
after this capabilities may contain LOGINDISABLED
- user disconnects
- in the same request user connects again and authenticates as before
but it can't because of the wrong LOGINDISABLED state.
2 years ago
5d779abf82
Support (DEPTH 0) in GETMETADATA command
2 years ago
7950116ee1
Fix IMAP GETMETADATA command with options - RFC5464
2 years ago
371b285389
Fix bug where trailing non-ascii characters in email addresses could have been removed in recipient input ( #9257 )
2 years ago
3688eb6987
Fix TinyMCE localization installation ( #9266 )
2 years ago
5474761725
Fix rcube::decrypt() ( #9264 )
* do not skip test_encrypt_and_decrypt test
* Fix rcube::decrypt()
2 years ago
3f01775bce
Fix minimal kolab/net_ldap3 version for PHP 8.3 ( #9263 )
2 years ago
b66f7aabda
Fix PHP8 warning
2 years ago
44860ff45d
Update labels.inc ( #9232 )
Update message
2 years ago
793664f568
Fix invalid phpdocs ( #9252 )
* fix missing return type in phpdoc
* fix "phpdoc_scalar"
* Fix phpdoc variable names typos
* fix wrong phpdoc tags
2 years ago
ae2f25d054
Fix Sieve scripts comment parse with CRLF ( #9249 )
2 years ago
24dfb2b3e8
Fix PHP8 warnings ( #9242 )
2 years ago
b2c2545ee3
Fix unneeded php command use in installto.sh and deluser.sh scripts ( #9237 )
2 years ago
442c7cc1b3
Fix saving other encryption settings besides enigma's ( #9240 )
Previously, if the enigma plugin was enabled, it wasn't possible to save
the option whether Roundcube should use Mailvelope's main keyring
(`mailvelope_main_keyring`), because this code overwrote the whole array
for the "encryption"-section on saving. That is now fixed.
2 years ago
12a321bd7a
Fix PHP8 warning ( #9238 )
2 years ago
3f33433a31
Fix PHP8 warning ( #9235 )
And added tests for utils/modcss action
2 years ago
88a040842f
Update to TinyMCE 5.10.9 security release ( #9228 )
2 years ago
ff10f5a621
Fix page jump menu flickering on click ( #9196 )
2 years ago
fd17743723
Enigma: Fix finding of a private key when decrypting a message using GnuPG v2.3
Additional fix for a case when sender's public key is in the keyring
2 years ago
6969b06ac9
Enigma: Fix finding of a private key when decrypting a message using GnuPG v2.3
2 years ago
0eb0b771c4
Fix PHP8 warnings
2 years ago
c59b643dec
Fix regression in handling LDAP search_fields configuration parameter ( #9210 )
2 years ago
81ac3c342a
Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download
Thanks to rehme.infosec for reporting the issues.
2 years ago
57a599a81f
Makefile: Replace version in installer/index.php too
2 years ago
6d7557799a
Fix regression where `smtp_user` did not allow pre/post strings before/after `%u` placeholder ( #9162 )
2 years ago
efd5842dcb
Fix PHP fatal error on folder read-only check ( #9190 )
2 years ago
93989c0d87
Fix PHP string replacement error in utils/error.php ( #9185 )
2 years ago
1c2b066e7a
Fix PHP 8.2 deprecation warning: Creation of dynamic property rcube_message_part::$realtype is deprecated ( #9193 )
2 years ago
11ec814a80
Fix bug where images attached to application/smil messages weren't displayed ( #8870 )
2 years ago
e69635dc91
Fix UI issue when dealing with an invalid managesieve_default_headers value ( #9175 )
2 years ago
204ff84b5f
Add CVE identifiers to the changelog
[skip ci]
2 years ago
f6ab89697b
Fix deactivated and activated messages being reversed in ja_JP. ( #9176 )
2 years ago
Aleksander Machniak