c735224770
* It seems that http://secunia.com/advisories/49894 and http://secunia.com/advisories/50214 are fixed Changelog: Version 4.0.7 Aug 15th 2012 Show Login Button when user and password are auto-completed Sanitize LDAP base, user and groups Fix non active Adressbooks Calendar: Remove double html encoding Fix label for versioning in admin settings Add parent directory into filecache if it ©¹doesn¡t exist Handle non writable files correctly Disable webfinger completely if not activated Security: Disable user listings in DAV Check file blacklist for file renames Security: Fix XSS bug in Gallery Security: Several CSRF security fixes Security: Validate cookie to prevent auth bypasses Special thanks to Julien Cayssol for reporting several security problems Version 4.0.6 Aug 1th 2012 More robust LDAP integration during unexpected collisions Fix sharing for users with @ in username Additional error handling for emailing of private links Cleanup old session files Fix user space calculation Fix Ampache authentication Remove delete tipsy if file is deleted Don¡t delete lot¡s of session files during DAV requests Fix error when no adressbook is created Check if php-ldap is installed Security: Check for Admin user in appconfig.php Security: Several CSRF security fixes Version 4.0.5 July 20th 2012 Fix remember the username and autologin Offer an option to allow sharing outside the group. Fix for birthday format Fixes for several encoding fixes for unicode characters Fix invalid filesystem cache in the sharing folder Several calendar and contacts fixes Fix sending of emails Several fixes in the system log Several fixes for the external filesystem feature Several CSRF security fixes |
||
|---|---|---|
| .. | ||
| DESCR | ||
| distinfo | ||
| INSTALL | ||
| Makefile | ||
| MESSAGE | ||
| options.mk | ||
| PLIST | ||