c356f22de8
ChangLog: Version 1.4.9a - 3 December 2006 -------------------------------- - Security: Multiple IE cross site scripting issues related to the widely acceptation of the word expression and url by IE. - Security: Removing @import when sanitizing html mail. Version 1.4.9 - 2 December 2006 ------------------------------- - Drop obsolete script plugins/make_archive.pl. - Fixed Google translate form in translate plugin. Added new language pairs. - Added XMAGICTRASH extension tests in configtest utility. Removed code that handled 'inbox.trash' as special folder in courier (#1354393). - Allowed moving folders to trash in courier. - Fix misspelled constant PREG_SPLIT_NI_EMPTY in sqimap_get_message (#1543573). - Provide View Unsafe Images link on viewing a text/html attachment. - Fix variable typo in folders_create.php (#1545316). - Added Courier IMAP OUTBOX check to configtest utility. - If mailbox name starts with slash or contains ../, error message is generated. Safety check for insecure default UW IMAP setup (#1557078). - Ignore message copy errors when messages are deleted. Allows to delete messages when quota is exceeded (#614887, #646386, #1446026). - Fixed unintended literal fetching (#1562271). - Added global file based address book listing controls. Added line length configuration option for local_file address book backend (#1181561). Added address book data integrity checks in local_file address book backend. Fixed eregi and object notices in local_file and database address book backends. Added additional address book field support. - Fixed variable corruption in configtest utility. - Checked if configuration file is readable in configuration utility (#1568355). - Special mailboxes marked in special_mailbox hook are no longer listed in folder delete, rename and subscription options. - Translate plugin: prevent PHP notice when viewing empty message. - Add CEST and MEST (non-standard) timezone codes for +0200. - Add <label> to From field in message list. - Add support for parsing SpamAssassin's X-Spam-Status header (#1589520). - Fix in bodystructure parser code related to strings ending with an escape character. - Added "attachment */*" hook - Added third parameter $logout_link to logout_error hook that allows plugin control over login page URI displayed on login error page. - Security: close cross site scripting vulnerability in draft, compose and mailto functionality [CVE-2006-6142]. - Security: work around an issue in Internet Explorer that would guess the mime type of a file based on contents, not Content-Type header. |
||
---|---|---|
.. | ||
patch-aa |