SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for roundcubemail-1.3.15-bp152.4.3.1.noarch.rpm :

* Thu Aug 13 2020 Lars Vogdt - Upgrade to 1.3.15 This is a security update to the LTS version 1.3. (bsc#1175135)
* Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg content [CVE-2020-16145]
* Security: Fix cross-site scripting (XSS) via HTML messages with malicious math content From 1.3.14 (bsc#1173792 -> CVE-2020-15562)
* Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg/namespace From 1.3.13
* Installer: Fix regression in SMTP test section (#7417) From 1.3.12
* Security: Better fix for CVE-2020-12641 (bsc#1171148)
* Security: Fix XSS issue in template object \'username\' (#7406)
* Security: Fix couple of XSS issues in Installer (#7406)
* Security: Fix cross-site scripting (XSS) via malicious XML attachment From 1.3.11 (bsc#1171148 -> CVE-2020-12641 bsc#1171040 -> CVE-2020-12625 bsc#1171149 -> CVE-2020-12640)
* Enigma: Fix compatibility with Mail_Mime >= 1.10.5
* Fix permissions on some folders created by bin/install-jsdeps.sh script (#6930)
* Fix bug where inline images could have been ignored if Content-Id header contained redundant spaces (#6980)
* Fix PHP Warning: Use of undefined constant LOG_EMERGE (#6991)
* Fix PHP warning: \"array_merge(): Expected parameter 2 to be an array, null given in sendmail.inc (#7003)
* Security: Fix XSS issue in handling of CDATA in HTML messages
* Security: Fix remote code execution via crafted \'im_convert_path\' or \'im_identify_path\' settings
* Security: Fix local file inclusion (and code execution) via crafted \'plugins\' option
* Security: Fix CSRF bypass that could be used to log out an authenticated user (#7302) From 1.3.10 (bsc#1146286)
* Managesieve: Fix so \"Create filter\" option does not show up when Filters menu is disabled (#6723)
* Enigma: Fix bug where revoked users/keys were not greyed out in key info
* Enigma: Fix error message when trying to encrypt with a revoked key (#6607)
* Enigma: Fix \"decryption oracle\" bug [CVE-2019-10740] (#6638)
* Fix compatibility with kolab/net_ldap3 > 1.0.7 (#6785)
* Fix bug where bmp images couldn\'t be displayed on some systems (#6728)
* Fix bug in parsing vCard data using PHP 7.3 due to an invalid regexp (#6744)
* Fix bug where bold/strong text was converted to upper-case on html-to-text conversion (6758)
* Fix bug in rcube_utils::parse_hosts() where %t, %d, %z could return only tld (#6746)
* Fix bug where Next/Prev button in mail view didn\'t work with multi-folder search result (#6793)
* Fix bug where selection of columns on messages list wasn\'t working
* Fix bug in converting multi-page Tiff images to Jpeg (#6824)
* Fix wrong messages order after returning to a multi-folder search result (#6836)
* Fix PHP 7.4 deprecation: implode() wrong parameter order (#6866)
* Fix bug where it was possible to bypass the position:fixed CSS check in received messages (#6898)
* Fix bug where some strict remote URIs in url() style were unintentionally blocked (#6899)
* Fix bug where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class (#6897)
* Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs (#6896) From 1.3.9 (bsc#1115718)
* Fix TinyMCE download location (#6694)
* Fix bug where a message/rfc822 part without a filename wasn\'t listed on the attachments list (#6494)
* Fix handling of empty entries in vCard import (#6564)
* Fix bug in parsing some IMAP command responses that include unsolicited replies (#6577)
* Fix PHP 7.2 compatibility in debug_logger plugin (#6586)
* Fix so ANY record is not used for email domain validation, use A, MX, CNAME, AAAA instead (#6581)
* Fix so mime_content_type check in Installer uses files that should always be available (i.e. from program/resources) (#6599)
* Fix missing CSRF token on a link to download too-big message part (#6621)
* Fix bug when aborting dragging with ESC key didn\'t stop the move action (#6623)
* Fix bug where next row wasn\'t selected after deleting a collapsed thread (#6655) From 1.3.8
* Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374)
* Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 (#6383)
* Enigma: Fix deleting keys with authentication subkeys (#6381)
* Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398)
* Fix so Classic skin splitter does not escape out of window (#6397)
* Fix XSS issue in handling invalid style tag content (#6410)
* Fix compatibility with MySQL 8 - error on \'system\' table use
* Managesieve: Fix bug where show_real_foldernames setting wasn\'t respected (#6422)
* New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419)
* Fix support for \"allow-from \" in \"x_frame_options\" config option (#6449)
* Fix bug where valid content between HTML comments could have been skipped in some cases (#6464)
* Fix multiple VCard field search (#6466)
* Fix session issue on long running requests (#6470) From 1.3.7 (bsc#1115719)
* Fix PHP Warning: Use of undefined constant IDNA_DEFAULT on systems without php-intl (#6244)
* Fix bug where some parts of quota information could have been ignored (#6280)
* Fix bug where some escape sequences in html styles could bypass security checks
* Fix bug where some forbidden characters on Cyrus-IMAP were not prevented from use in folder names
* Fix bug where only attachments with the same name would be ignored on zip download (#6301)
* Fix bug where unicode contact names could have been broken/emptied or caused DB errors (#6299)
* Fix bug where after \"mark all folders as read\" action message counters were not reset (#6307)
* Enigma: [EFAIL] Don\'t decrypt PGP messages with no MDC protection (#6289)
* Fix bug where some HTML comments could have been malformed by HTML parser (#6333)
* Fri Apr 13 2018 kbabiochAATTsuse.com- Upgrade to version 1.3.6
* Fix parsing date strings (e.g. from a Date: mail header) with comments
* Fix PHP 7.2: count(): Parameter must be an array in enchant-based spellchecker
* Fix possible IMAP command injection and type juggling vulnerabilities
* Enigma: Fix key selection for signing
* Enigma: Enable keypair generation on Internet Explorer 11
* Fix check_request() bypass in places using get_uids() (CVE-2018-9846 boo#1067574)
* Fix bug where usernames without domain part could be malformed or converted to lower-case on logon
* Fri Mar 16 2018 joop.boonenAATTopensuse.org- Upgrade to version 1.3.5
* Added new skin with mobile support - the Elastic
* Support Redis cache
* Improved Mailvelope integration - Added private key listing and generating to identity settings - Enable encrypt & sign option if Mailvelope supports it
* Update to jQuery-3.3.1
* vcard_attachments: Add possibility to send contact vCard from Contacts toolbar (#6080)
* Add More actions button in Contacts toolbar with Copy/Move actions (#6081)
* Display an error when clicking disabled link to register protocol handler (#6079)
* Add option trusted_host_patterns (#6009, #5752)
* Support SMTPUTF8 and relax email address validation to support unicode in local part (#5120)
* Support additional connect parameters in PostgreSQL database wrapper
* Use UI dialogs instead of confirm() and alert() where possible
* Display value of the SMTP message size limit in the error message (#6032)
* Skip redundant INSERT query on successful logon when using PHP7
* Replace display_version with display_product_version (#5904)
* Extend disabled_actions config so it accepts also button names (#5903)
* Handle remote stylesheets the same as remote images, ask the user to allow them (#5994)
* Add Message-ID to the sendmail log (#5871)
* Managesieve: Add ability to disable filter sets and other actions (#5496, #5898)
* Managesieve: Add option managesieve_forward to enable settings dialog for simple forwarding (#6021)
* Managesieve: Support filter action with custom IMAP flags (#6011)
* Managesieve: Support \'mime\' extension tests - RFC5703 (#5832)
* Managesieve: Support GSSAPI authentication with krb_authentication plugin (#5779)
* Changed defaults for smtp_user (%u), smtp_pass (%p) and smtp_port (587)
* Composer: Fix certificate validation errors by using packagist only (#5148)
* Enigma: Add button to send mail unencrypted if no key was found (#5913)
* Enigma: Add options to set PGP cipher/digest algorithms (#5645)
* Enigma: Multi-host support
* Add --get and --extract arguments and CACHEDIR env-variable support to install-jsdeps.sh (#5882)
* Update to jquery-minicolors 2.2.6
* Support _filter and _scope as GET arguments for opening mail UI (#5825)
* Support for IMAP folders that cannot contain both folders and messages (#5057)
* Added .user.ini file for php-fpm (#5846)
* Email Resent (Bounce) feature (#4985)
* Various improvements for templating engine and skin behaviours - Support conditional include - Support for \'link\' objects - Support including files with path relative to templates directory - Use
 
ICM