From: <pdo...@us...> - 2009-03-26 22:35:13
|
Revision: 13470 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13470&view=rev Author: pdontthink Date: 2009-03-26 22:35:06 +0000 (Thu, 26 Mar 2009) Log Message: ----------- Moved documentation to doc/ directory and added example .htaccess files in all directories that browsers don't need direct access to Modified Paths: -------------- trunk/squirrelmail/doc/ChangeLog Modified: trunk/squirrelmail/doc/ChangeLog =================================================================== --- trunk/squirrelmail/doc/ChangeLog 2009-03-26 22:34:32 UTC (rev 13469) +++ trunk/squirrelmail/doc/ChangeLog 2009-03-26 22:35:06 UTC (rev 13470) @@ -280,6 +280,8 @@ - Added Bengali (Bangladesh) translation (Thanks to Jamil Ahmed). - Implemented accesskeys on primary pages; is user-configurable in the Options -> Accessibility Preferences page + - Moved documentation to doc/ directory and added example .htaccess + files in all directories that browsers don't need direct access to Version 1.5.1 (branched on 2006-02-12) -------------------------------------- This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2009-04-02 00:40:52
|
Revision: 13504 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13504&view=rev Author: pdontthink Date: 2009-04-02 00:40:45 +0000 (Thu, 02 Apr 2009) Log Message: ----------- Updates Modified Paths: -------------- trunk/squirrelmail/doc/ChangeLog Modified: trunk/squirrelmail/doc/ChangeLog =================================================================== --- trunk/squirrelmail/doc/ChangeLog 2009-04-02 00:40:08 UTC (rev 13503) +++ trunk/squirrelmail/doc/ChangeLog 2009-04-02 00:40:45 UTC (rev 13504) @@ -189,7 +189,7 @@ - Fix Priority and Receipt compose options being reset after return from HTML addressbook, and allow returning from an empty address book (#1673056). - Do not special case the 'None' folder. - - Fixes for filters issues (#1634735). + - Fixes for filters issues. (#1634735) - session_id reporting session id when no active session (#1685031). - Added sq_change_text_domain() for plugins to use when switching text domains. If plugins use this function, it fixes #1434043. @@ -271,18 +271,22 @@ - Make address book file permissions 0600 - same as preference files - Added compatibility with Dovecot's bigint UIDs - Ensure that hash directory computation is the same on both 32 and - 64 bit architectures (#2596879). + 64 bit architectures. (#2596879) - Allow multiple addresses in one abook entry (separate with commas), although we HIGHLY DISCOURAGE grouping in this manner - note amongst other issues that can come up, sizing for large groups will be a - problem (#2611967) + problem. (#2611967) - Added Tamil translation (Thanks to Kengatharaiyer Sarveswaran). - Added Bengali (Bangladesh) translation (Thanks to Jamil Ahmed). - Implemented accesskeys on primary pages; is user-configurable in the Options -> Accessibility Preferences page - Moved documentation to doc/ directory and added example .htaccess - files in all directories that browsers don't need direct access to + files in all directories to which browsers don't need direct access. - Added RFC 2231 support. Thanks to Piotr Pawlow. (#2501379) + - Date headers in outgoing messages have been brought into RFC 822 + compliance (removed time zone name). (#1849410) + - Default Content-Transfer-Encoding is now RFC-compliant "7bit" + instead of "us-ascii". (#1942060) Version 1.5.1 (branched on 2006-02-12) -------------------------------------- This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2009-04-03 08:32:35
|
Revision: 13513 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13513&view=rev Author: pdontthink Date: 2009-04-03 08:32:30 +0000 (Fri, 03 Apr 2009) Log Message: ----------- Update Modified Paths: -------------- trunk/squirrelmail/doc/ChangeLog Modified: trunk/squirrelmail/doc/ChangeLog =================================================================== --- trunk/squirrelmail/doc/ChangeLog 2009-04-03 08:31:17 UTC (rev 13512) +++ trunk/squirrelmail/doc/ChangeLog 2009-04-03 08:32:30 UTC (rev 13513) @@ -287,6 +287,9 @@ compliance (removed time zone name). (#1849410) - Default Content-Transfer-Encoding is now RFC-compliant "7bit" instead of "us-ascii". (#1942060) + - Outgoing attachments that have lines longer than allowed per RFC + are now encoded so they are not corrupted by artificial line folds. + Thanks to Kelly Fallon. (#2226470, $1473714) Version 1.5.1 (branched on 2006-02-12) -------------------------------------- This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2009-05-07 21:55:49
|
Revision: 13655 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13655&view=rev Author: pdontthink Date: 2009-05-07 21:55:41 +0000 (Thu, 07 May 2009) Log Message: ----------- Adding Khmer translation. Thanks to Khoem Sokhem. Modified Paths: -------------- trunk/squirrelmail/doc/ChangeLog Modified: trunk/squirrelmail/doc/ChangeLog =================================================================== --- trunk/squirrelmail/doc/ChangeLog 2009-05-07 21:51:00 UTC (rev 13654) +++ trunk/squirrelmail/doc/ChangeLog 2009-05-07 21:55:41 UTC (rev 13655) @@ -292,6 +292,7 @@ Thanks to Kelly Fallon. (#2226470, $1473714) - Completed a massive update to contrib/flat2sql.pl. - Display visual indication of forwarded messages. + - Added Khmer translation (Thanks to Khoem Sokhem). Version 1.5.1 (branched on 2006-02-12) -------------------------------------- This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2009-05-12 07:42:37
|
Revision: 13684 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13684&view=rev Author: pdontthink Date: 2009-05-12 07:42:28 +0000 (Tue, 12 May 2009) Log Message: ----------- Forgot to mention PHP 5.3/6 compatibility update the other day Modified Paths: -------------- trunk/squirrelmail/doc/ChangeLog Modified: trunk/squirrelmail/doc/ChangeLog =================================================================== --- trunk/squirrelmail/doc/ChangeLog 2009-05-12 06:45:40 UTC (rev 13683) +++ trunk/squirrelmail/doc/ChangeLog 2009-05-12 07:42:28 UTC (rev 13684) @@ -293,6 +293,8 @@ - Completed a massive update to contrib/flat2sql.pl. - Display visual indication of forwarded messages. - Added Khmer translation (Thanks to Khoem Sokhem). + - Removed use of session_unregister() for compatibility with PHP 5.3.0 + and PHP 6 - Remove ability for HTML emails to use CSS positioning to overlay SquirrelMail content (Thanks to Luc Beurton). (#2723196) [CVE-2009-1581] - Fixed improper sanitizing of PHP_SELF and the lack of sanitizing of This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ki...@us...> - 2009-05-21 10:24:04
|
Revision: 13732 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13732&view=rev Author: kink Date: 2009-05-21 10:23:43 +0000 (Thu, 21 May 2009) Log Message: ----------- update changelog Modified Paths: -------------- trunk/squirrelmail/doc/ChangeLog Modified: trunk/squirrelmail/doc/ChangeLog =================================================================== --- trunk/squirrelmail/doc/ChangeLog 2009-05-21 10:23:01 UTC (rev 13731) +++ trunk/squirrelmail/doc/ChangeLog 2009-05-21 10:23:43 UTC (rev 13732) @@ -313,7 +313,8 @@ - Cleanup variable name in address search for compose to clearup confusion. - Remove Javascript from address search page when JavaScript is disabled. - Add "Check All" function to address book when using "in-page" addressbook. - - Fixed the Filters plugin to allow commas in filter criteria text + - Fixed the Filters plugin to allow commas in filter criteria text. + - In SMTP, when we EHLO with an IP, wrap it in brackets (#2793154). Version 1.5.1 (branched on 2006-02-12) -------------------------------------- This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2010-01-21 14:55:27
|
Revision: 13889 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13889&view=rev Author: pdontthink Date: 2010-01-21 14:55:19 +0000 (Thu, 21 Jan 2010) Log Message: ----------- Make base URL autodetection more robust (probably #1741469). Sorry, this should have been included in the last commit. Modified Paths: -------------- trunk/squirrelmail/doc/ChangeLog Modified: trunk/squirrelmail/doc/ChangeLog =================================================================== --- trunk/squirrelmail/doc/ChangeLog 2010-01-21 14:53:58 UTC (rev 13888) +++ trunk/squirrelmail/doc/ChangeLog 2010-01-21 14:55:19 UTC (rev 13889) @@ -328,6 +328,8 @@ - Fix for security token missing in newmail plugin (#2919418). - Fix for mailto: urls containing + characters, thanks to Michael Puls II for the patch. + - Make base URL autodetection more robust; fixes some lighttpd issues + (probably #1741469). Version 1.5.1 (branched on 2006-02-12) -------------------------------------- This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2010-02-13 23:14:02
|
Revision: 13909 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13909&view=rev Author: pdontthink Date: 2010-02-13 23:13:56 +0000 (Sat, 13 Feb 2010) Log Message: ----------- Grammar Modified Paths: -------------- trunk/squirrelmail/doc/ChangeLog Modified: trunk/squirrelmail/doc/ChangeLog =================================================================== --- trunk/squirrelmail/doc/ChangeLog 2010-02-13 23:12:04 UTC (rev 13908) +++ trunk/squirrelmail/doc/ChangeLog 2010-02-13 23:13:56 UTC (rev 13909) @@ -334,7 +334,7 @@ - Multibyte strings (notably subjects) are now handled correctly (#2824813, #2925731). - X-DNS-Prefetch-Control: off header is now sent to browsers to prevent information - leakage when Firefox does DNS prefetching for URL's contained in emails. + leakage when Firefox does DNS prefetching for URLs contained in emails. - Added the ability to configure Google Mail (Gmail) as the mail server behind SquirrelMail. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2011-11-29 13:13:53
|
Revision: 14158 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=14158&view=rev Author: pdontthink Date: 2011-11-29 13:13:42 +0000 (Tue, 29 Nov 2011) Log Message: ----------- Verify Reply To still has its uses Modified Paths: -------------- trunk/squirrelmail/doc/ChangeLog Modified: trunk/squirrelmail/doc/ChangeLog =================================================================== --- trunk/squirrelmail/doc/ChangeLog 2011-11-29 13:13:13 UTC (rev 14157) +++ trunk/squirrelmail/doc/ChangeLog 2011-11-29 13:13:42 UTC (rev 14158) @@ -368,7 +368,7 @@ [CVE-2011-2752, CVE-2011-2753, CVE-2010-4555] - Fixed XSS problem with unsanitized style tags in messages. [CVE-2011-2023] - Always ensure that the Reply-To header is a full email address in - outgoing messages (makes the Verify Reply-To plugin obsolete) + outgoing messages Version 1.5.1 (branched on 2006-02-12) -------------------------------------- This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ki...@us...> - 2012-03-24 11:05:32
|
Revision: 14293 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=14293&view=rev Author: kink Date: 2012-03-24 11:05:26 +0000 (Sat, 24 Mar 2012) Log Message: ----------- ChangeLog Modified Paths: -------------- trunk/squirrelmail/doc/ChangeLog Modified: trunk/squirrelmail/doc/ChangeLog =================================================================== --- trunk/squirrelmail/doc/ChangeLog 2012-03-24 11:04:45 UTC (rev 14292) +++ trunk/squirrelmail/doc/ChangeLog 2012-03-24 11:05:26 UTC (rev 14293) @@ -373,6 +373,7 @@ search in each field individually; database-backed address books now search in fields other than first/last name (nickname, email) - Made performance improvements in security token handling + - Improvements for PHP 5.4 compatibility. Version 1.5.1 (branched on 2006-02-12) -------------------------------------- This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2014-01-21 01:17:40
|
Revision: 14428 http://sourceforge.net/p/squirrelmail/code/14428 Author: pdontthink Date: 2014-01-21 01:17:36 +0000 (Tue, 21 Jan 2014) Log Message: ----------- filename typo Modified Paths: -------------- trunk/squirrelmail/doc/ChangeLog Modified: trunk/squirrelmail/doc/ChangeLog =================================================================== --- trunk/squirrelmail/doc/ChangeLog 2014-01-21 01:13:49 UTC (rev 14427) +++ trunk/squirrelmail/doc/ChangeLog 2014-01-21 01:17:36 UTC (rev 14428) @@ -385,8 +385,8 @@ shown on the message list screen - Added advanced control over the SSL context used when connecting to the SMTP and IMAP servers over SSL/TLS (Thanks to Emmanuel - Dreyfus). See $imapSslOptions and $smtpSslOptions in config_local.php - for more information. + Dreyfus). See $imapSslOptions and $smtpSslOptions in + config_local.example.php for more information. Version 1.5.1 (branched on 2006-02-12) -------------------------------------- This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2015-11-30 22:53:15
|
Revision: 14528 http://sourceforge.net/p/squirrelmail/code/14528 Author: pdontthink Date: 2015-11-30 22:53:13 +0000 (Mon, 30 Nov 2015) Log Message: ----------- Adding "smtp_helo_override" hook Modified Paths: -------------- trunk/squirrelmail/doc/ChangeLog Modified: trunk/squirrelmail/doc/ChangeLog =================================================================== --- trunk/squirrelmail/doc/ChangeLog 2015-11-30 22:48:12 UTC (rev 14527) +++ trunk/squirrelmail/doc/ChangeLog 2015-11-30 22:53:13 UTC (rev 14528) @@ -400,6 +400,8 @@ can edit their reply-to address ($edit_reply_to in config.php) - Added new "login_before_page_header" (boolean) hook; allows plugins to have more explicit control over login page header + - Added new "smtp_helo_override" hook; allows plugins to override + the HELO host sent to the SMTP server when sending messages Version 1.5.1 (branched on 2006-02-12) -------------------------------------- This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2016-10-29 19:38:38
|
Revision: 14593 http://sourceforge.net/p/squirrelmail/code/14593 Author: pdontthink Date: 2016-10-29 19:38:35 +0000 (Sat, 29 Oct 2016) Log Message: ----------- Update change log Modified Paths: -------------- trunk/squirrelmail/doc/ChangeLog Modified: trunk/squirrelmail/doc/ChangeLog =================================================================== --- trunk/squirrelmail/doc/ChangeLog 2016-10-29 19:30:16 UTC (rev 14592) +++ trunk/squirrelmail/doc/ChangeLog 2016-10-29 19:38:35 UTC (rev 14593) @@ -402,6 +402,8 @@ plugins to have more explicit control over login page header - Added new "smtp_helo_override" hook; allows plugins to override the HELO host sent to the SMTP server when sending messages + - Added PDO support for database connections, so no external + database module needs to be installed Version 1.5.1 (branched on 2006-02-12) -------------------------------------- This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2017-04-24 20:22:17
|
Revision: 14651 http://sourceforge.net/p/squirrelmail/code/14651 Author: pdontthink Date: 2017-04-24 20:22:15 +0000 (Mon, 24 Apr 2017) Log Message: ----------- Add one more person Modified Paths: -------------- trunk/squirrelmail/doc/ChangeLog Modified: trunk/squirrelmail/doc/ChangeLog =================================================================== --- trunk/squirrelmail/doc/ChangeLog 2017-04-24 19:46:13 UTC (rev 14650) +++ trunk/squirrelmail/doc/ChangeLog 2017-04-24 20:22:15 UTC (rev 14651) @@ -405,8 +405,8 @@ - Added PDO support for database connections, so no external database module needs to be installed - Fixed insufficient sendmail command argument escaping (thanks - to Mitchel Sahertian, Maor Shwartz and Dawid Golunski for - bringing this to our attention). [CVE-2017-7692] + to Mitchel Sahertian, Maor Shwartz, Dawid Golunski and Filippo + Cavallarin for bringing this to our attention). [CVE-2017-7692] Version 1.5.1 (branched on 2006-02-12) -------------------------------------- This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2017-04-25 16:58:18
|
Revision: 14654 http://sourceforge.net/p/squirrelmail/code/14654 Author: pdontthink Date: 2017-04-25 16:58:16 +0000 (Tue, 25 Apr 2017) Log Message: ----------- Change credits Modified Paths: -------------- trunk/squirrelmail/doc/ChangeLog Modified: trunk/squirrelmail/doc/ChangeLog =================================================================== --- trunk/squirrelmail/doc/ChangeLog 2017-04-25 16:57:14 UTC (rev 14653) +++ trunk/squirrelmail/doc/ChangeLog 2017-04-25 16:58:16 UTC (rev 14654) @@ -405,7 +405,7 @@ - Added PDO support for database connections, so no external database module needs to be installed - Fixed insufficient sendmail command argument escaping (thanks - to Mitchel Sahertian, Maor Shwartz, Dawid Golunski and Filippo + to Mitchel Sahertian, Beyond Security/Dawid Golunski and Filippo Cavallarin for bringing this to our attention). [CVE-2017-7692] Version 1.5.1 (branched on 2006-02-12) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2017-06-17 20:26:33
|
Revision: 14687 http://sourceforge.net/p/squirrelmail/code/14687 Author: pdontthink Date: 2017-06-17 20:26:31 +0000 (Sat, 17 Jun 2017) Log Message: ----------- Add note about squirrelspell plugin change Modified Paths: -------------- trunk/squirrelmail/doc/ChangeLog Modified: trunk/squirrelmail/doc/ChangeLog =================================================================== --- trunk/squirrelmail/doc/ChangeLog 2017-06-17 20:23:12 UTC (rev 14686) +++ trunk/squirrelmail/doc/ChangeLog 2017-06-17 20:26:31 UTC (rev 14687) @@ -407,6 +407,11 @@ - Fixed insufficient sendmail command argument escaping (thanks to Mitchel Sahertian, Beyond Security/Dawid Golunski and Filippo Cavallarin for bringing this to our attention). [CVE-2017-7692] + - Added ability to control the display of the "Check Spelling" + button provided by the squirrelspell plugin, which allows + administrators to offer this plugin but keep it out of the way + for users who do not want it. Put sqspell_show_button=0 in + default preferences if it should be hidden by default Version 1.5.1 (branched on 2006-02-12) -------------------------------------- This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2017-11-18 23:00:02
|
Revision: 14737 http://sourceforge.net/p/squirrelmail/code/14737 Author: pdontthink Date: 2017-11-18 22:59:59 +0000 (Sat, 18 Nov 2017) Log Message: ----------- Add ability for saved drafts to indicate if they are a reply or forward and if so, to which message, and mark that message as replied or forwarded when the draft is finally sent Modified Paths: -------------- trunk/squirrelmail/doc/ChangeLog Modified: trunk/squirrelmail/doc/ChangeLog =================================================================== --- trunk/squirrelmail/doc/ChangeLog 2017-11-18 22:58:10 UTC (rev 14736) +++ trunk/squirrelmail/doc/ChangeLog 2017-11-18 22:59:59 UTC (rev 14737) @@ -412,6 +412,9 @@ administrators to offer this plugin but keep it out of the way for users who do not want it. Put sqspell_show_button=0 in default preferences if it should be hidden by default + - Add ability for saved drafts to indicate if they are a reply + or forward and if so, to which message, and mark that message + as replied or forwarded when the draft is finally sent Version 1.5.1 (branched on 2006-02-12) -------------------------------------- This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2017-11-22 06:15:43
|
Revision: 14742 http://sourceforge.net/p/squirrelmail/code/14742 Author: pdontthink Date: 2017-11-22 06:15:41 +0000 (Wed, 22 Nov 2017) Log Message: ----------- Add option to allow returning to the message one had been replying to after sending Modified Paths: -------------- trunk/squirrelmail/doc/ChangeLog Modified: trunk/squirrelmail/doc/ChangeLog =================================================================== --- trunk/squirrelmail/doc/ChangeLog 2017-11-22 06:08:38 UTC (rev 14741) +++ trunk/squirrelmail/doc/ChangeLog 2017-11-22 06:15:41 UTC (rev 14742) @@ -415,6 +415,8 @@ - Add ability for saved drafts to indicate if they are a reply or forward and if so, to which message, and mark that message as replied or forwarded when the draft is finally sent + - Added option to allow returning to the message one had been + replying to after sending Version 1.5.1 (branched on 2006-02-12) -------------------------------------- This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2018-04-04 07:49:50
|
Revision: 14755 http://sourceforge.net/p/squirrelmail/code/14755 Author: pdontthink Date: 2018-04-04 07:49:48 +0000 (Wed, 04 Apr 2018) Log Message: ----------- Correct CVE number Modified Paths: -------------- trunk/squirrelmail/doc/ChangeLog Modified: trunk/squirrelmail/doc/ChangeLog =================================================================== --- trunk/squirrelmail/doc/ChangeLog 2018-04-04 07:49:31 UTC (rev 14754) +++ trunk/squirrelmail/doc/ChangeLog 2018-04-04 07:49:48 UTC (rev 14755) @@ -417,7 +417,8 @@ as replied or forwarded when the draft is finally sent - Added option to allow returning to the message one had been replying to after sending - - Sanitize user-supplied attachment filenames [CVE-2017-7692] + - Sanitize user-supplied attachment filenames (thanks to Florian + Grunow for reporting this issue) [CVE-2018-8741] Version 1.5.1 (branched on 2006-02-12) -------------------------------------- This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2018-08-25 21:16:33
|
Revision: 14772 http://sourceforge.net/p/squirrelmail/code/14772 Author: pdontthink Date: 2018-08-25 21:03:09 +0000 (Sat, 25 Aug 2018) Log Message: ----------- Change anti-CSRF security token lifetime to be session-based Modified Paths: -------------- trunk/squirrelmail/doc/ChangeLog Modified: trunk/squirrelmail/doc/ChangeLog =================================================================== --- trunk/squirrelmail/doc/ChangeLog 2018-08-25 20:57:06 UTC (rev 14771) +++ trunk/squirrelmail/doc/ChangeLog 2018-08-25 21:03:09 UTC (rev 14772) @@ -419,6 +419,7 @@ replying to after sending - Sanitize user-supplied attachment filenames (thanks to Florian Grunow for reporting this issue) [CVE-2018-8741] + - Changed anti-CSRF security token lifetime to be session-based. Version 1.5.1 (branched on 2006-02-12) -------------------------------------- This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2019-02-27 03:45:43
|
Revision: 14810 http://sourceforge.net/p/squirrelmail/code/14810 Author: pdontthink Date: 2019-02-27 03:45:41 +0000 (Wed, 27 Feb 2019) Log Message: ----------- Updated SVG handling, closing several related vulnerabilities reported in #2831 and CVE-2018-14950, CVE-2018-14951, CVE-2018-14952, CVE-2018-14953, CVE-2018-14954, CVE-2018-14955 Modified Paths: -------------- trunk/squirrelmail/doc/ChangeLog Modified: trunk/squirrelmail/doc/ChangeLog =================================================================== --- trunk/squirrelmail/doc/ChangeLog 2019-02-27 03:31:33 UTC (rev 14809) +++ trunk/squirrelmail/doc/ChangeLog 2019-02-27 03:45:41 UTC (rev 14810) @@ -423,6 +423,9 @@ - Added favicon and ability for admins to use their own by setting $head_tag_extra in config_local.php (see documentation in config/config_local.php) + - Updated SVG handling, closing several related vulnerabilities + (#2831) [CVE-2018-14950] [CVE-2018-14951] [CVE-2018-14952] + [CVE-2018-14953] [CVE-2018-14954] [CVE-2018-14955] Version 1.5.1 (branched on 2006-02-12) -------------------------------------- This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2019-07-24 01:13:13
|
Revision: 14831 http://sourceforge.net/p/squirrelmail/code/14831 Author: pdontthink Date: 2019-07-24 01:13:11 +0000 (Wed, 24 Jul 2019) Log Message: ----------- Document CVE-2019-12970 fix Modified Paths: -------------- trunk/squirrelmail/doc/ChangeLog Modified: trunk/squirrelmail/doc/ChangeLog =================================================================== --- trunk/squirrelmail/doc/ChangeLog 2019-07-24 01:07:50 UTC (rev 14830) +++ trunk/squirrelmail/doc/ChangeLog 2019-07-24 01:13:11 UTC (rev 14831) @@ -429,6 +429,8 @@ - Added IMAP ID command (RFC2971), sent after every login - use by setting $imap_id_command_args in config/config_local.php (see notes in config/config_local.example.php for more details) + - Added handling for RCDATA and RAWTEXT elements in HTML sanitizer + [CVE-2019-12970] Version 1.5.1 (branched on 2006-02-12) -------------------------------------- This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2020-03-25 00:20:46
|
Revision: 14853 http://sourceforge.net/p/squirrelmail/code/14853 Author: pdontthink Date: 2020-03-25 00:20:42 +0000 (Wed, 25 Mar 2020) Log Message: ----------- Document $php_self_pattern and $php_self_replacement Modified Paths: -------------- trunk/squirrelmail/doc/ChangeLog Modified: trunk/squirrelmail/doc/ChangeLog =================================================================== --- trunk/squirrelmail/doc/ChangeLog 2020-03-25 00:15:14 UTC (rev 14852) +++ trunk/squirrelmail/doc/ChangeLog 2020-03-25 00:20:42 UTC (rev 14853) @@ -431,6 +431,14 @@ (see notes in config/config_local.example.php for more details) - Added handling for RCDATA and RAWTEXT elements in HTML sanitizer [CVE-2019-12970] + - Added the ability to modify of the value of the global $PHP_SELF + variable used throughout the SquirrelMail code (though less so + in version 1.5.2). The administrator may do so by adding the + configuration settings $php_self_pattern and $php_self_replacement + to config/config_local.php, where the pattern should be a full + regular expression including the delimiters. This may be helpful + when the web server sees traffic from a proxy so the normal + $PHP_SELF does not resolve to what it should be for the real client. Version 1.5.1 (branched on 2006-02-12) -------------------------------------- This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2020-05-23 19:42:56
|
Revision: 14863 http://sourceforge.net/p/squirrelmail/code/14863 Author: pdontthink Date: 2020-05-23 19:42:53 +0000 (Sat, 23 May 2020) Log Message: ----------- More accurate filesizes Modified Paths: -------------- trunk/squirrelmail/doc/ChangeLog Modified: trunk/squirrelmail/doc/ChangeLog =================================================================== --- trunk/squirrelmail/doc/ChangeLog 2020-05-23 19:42:22 UTC (rev 14862) +++ trunk/squirrelmail/doc/ChangeLog 2020-05-23 19:42:53 UTC (rev 14863) @@ -439,6 +439,8 @@ regular expression including the delimiters. This may be helpful when the web server sees traffic from a proxy so the normal $PHP_SELF does not resolve to what it should be for the real client. + - Show more accurate filesize for uploaded files and base64-encoded + attachments (when reading a message) Version 1.5.1 (branched on 2006-02-12) -------------------------------------- This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2021-01-15 16:34:48
|
Revision: 14877 http://sourceforge.net/p/squirrelmail/code/14877 Author: pdontthink Date: 2021-01-15 16:34:45 +0000 (Fri, 15 Jan 2021) Log Message: ----------- Give attribution Modified Paths: -------------- trunk/squirrelmail/doc/ChangeLog Modified: trunk/squirrelmail/doc/ChangeLog =================================================================== --- trunk/squirrelmail/doc/ChangeLog 2021-01-15 16:30:25 UTC (rev 14876) +++ trunk/squirrelmail/doc/ChangeLog 2021-01-15 16:34:45 UTC (rev 14877) @@ -441,7 +441,8 @@ $PHP_SELF does not resolve to what it should be for the real client. - Show more accurate filesize for uploaded files and base64-encoded attachments (when reading a message) - - Added fixes for PHP version 8 compatibility + - Added fixes for PHP version 8 compatibility (thanks to Marcel Pol for + bringing this to our attention) Version 1.5.1 (branched on 2006-02-12) -------------------------------------- This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |