Aleksander Machniak
|
0ba44f0d92
|
Fix bug in remote content blocking on HTML image and style tags (#6178)
|
6 years ago |
Aleksander Machniak
|
e252736ef1
|
Merge branch 'release-1.0' of github.com:roundcube/roundcubemail into release-1.0
|
6 years ago |
Thomas Bruederli
|
0b42424e41
|
Bump version + add CVE ID
|
7 years ago |
Aleksander Machniak
|
4f5d8ab015
|
Update changelog
|
7 years ago |
Aleksander Machniak
|
8d87bb34f3
|
Fix file disclosure vulnerability caused by insuficient input validation in relation with attachment plugins (#6026)
|
7 years ago |
Thomas Bruederli
|
ca74231733
|
Bump version to 1.0.11
|
7 years ago |
Aleksander Machniak
|
62edcc6283
|
Add CVE ident
|
7 years ago |
Aleksander Machniak
|
271426429b
|
Password: Fix security issue in virtualmin and sasl drivers
|
7 years ago |
Thomas Bruederli
|
511793c25f
|
Update Changelog + bump version to 1.0.10
|
7 years ago |
Thomas Bruederli
|
37cae3ecfa
|
Strip HTML tags inside CSS style definitions
|
7 years ago |
Aleksander Machniak
|
b0f57a7edc
|
Fix XSS issue in handling of a style tag inside of an svg element
|
7 years ago |
Aleksander Machniak
|
a54dde834c
|
Fix vulnerability in handling of mail()'s 5th argument
|
8 years ago |
Aleksander Machniak
|
5d2aaa68c3
|
Fix _from argument validation
|
8 years ago |
Aleksander Machniak
|
dc0c6067b7
|
Update changelog
|
8 years ago |
Aleksander Machniak
|
1e275ac13a
|
Wash position:fixed style in HTML mail for better security (#5264)
|
8 years ago |
Aleksander Machniak
|
f1ca20d993
|
Don't create multipart/alternative messages with empty text/plain part (#5283)
Conflicts:
CHANGELOG
program/steps/mail/sendmail.inc
|
8 years ago |
Thomas Bruederli
|
7b37ef8a33
|
Avoid sending completely empty text parts for multipart/alternative messages (#5283)
|
8 years ago |
Aleksander Machniak
|
acf633c73b
|
Fix XSS issue in href attribute on area tag (#5240, #5241)
Conflicts:
CHANGELOG
|
8 years ago |
Thomas Bruederli
|
cde7a9eb74
|
Bump version to 1.0.9
|
8 years ago |
Thomas Bruederli
|
b76d8e91d6
|
Transliterate ticket IDs after migration to Github issues
|
8 years ago |
Aleksander Machniak
|
74c75ee529
|
Refer to Github issues instead of Trac
|
8 years ago |
Thomas Bruederli
|
fca89f0e77
|
Refer to Github issues instead of Trac
|
8 years ago |
Aleksander Machniak
|
10f24c034b
|
Hide DSN option in Preferences when smtp_server is not used (#1490666)
|
8 years ago |
Aleksander Machniak
|
3c988b0f08
|
Update changelog
|
8 years ago |
Aleksander Machniak
|
5466f71dd6
|
Fix a regression where some contact data was missing in export and PHP warnings were logged (Kolab #4522)
|
8 years ago |
Aleksander Machniak
|
efe06f2b12
|
Bring back additional_message_headers compatibility with Mail_Mime < 1.9
|
8 years ago |
Aleksander Machniak
|
b2d4cfa89a
|
Fix additional_message_headers plugin compatibility with Mail_Mime >= 1.9 (#1490657)
Conflicts:
CHANGELOG
plugins/additional_message_headers/composer.json
|
8 years ago |
Aleksander Machniak
|
3e12784cc2
|
Fix bug in long recipients list parsing for cases where recipient name contained @-char (#1490653)
|
8 years ago |
Aleksander Machniak
|
7496302945
|
Fix bug where Archive/Junk buttons were not active after page jump with select=all mode (#1490647)
Conflicts:
program/js/app.js
|
8 years ago |
Aleksander Machniak
|
a7fac6afb6
|
Fix (again) security issue in DBMail driver of password plugin [CVE-2015-2181] (#1490643)
Unify the C program code with the one used by other drivers.
Conflicts:
CHANGELOG
|
8 years ago |
Aleksander Machniak
|
889989db06
|
Fix regression where xml mode could be used to parse xhtml messages causing empty result
|
9 years ago |
Aleksander Machniak
|
73f8b524f3
|
Improved SVG cleanup code
|
9 years ago |
Aleksander Machniak
|
190c658fe3
|
Refactor wash_attribs() - fix regressions
|
9 years ago |
Aleksander Machniak
|
ffd5ffc30a
|
Extend rcube_washtml with SVG support
Conflicts:
program/lib/Roundcube/rcube_washtml.php
|
9 years ago |
Aleksander Machniak
|
3faf89c354
|
Fix XSS issue in SVG images handling (#1490625)
Conflicts:
CHANGELOG
program/steps/mail/get.inc
|
9 years ago |
Francis Russell
|
e77b5f7dd7
|
Make TLS method for IMAP parameterisable.
|
9 years ago |
Francis Russell
|
6a70e56e5e
|
Enable use of TLSv1.1 and TLSv1.2 for IMAP.
Conflicts:
CHANGELOG
|
9 years ago |
Thomas Bruederli
|
2c0a550105
|
Bump version to 1.0.8; update Changelog
|
9 years ago |
Aleksander Machniak
|
222f47c042
|
Fix .htaccess rewrite rules to not block .well-known URIs (#1490615)
Conflicts:
.htaccess
|
9 years ago |
Aleksander Machniak
|
82fcd4e757
|
Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#1490619)
Conflicts:
program/js/app.js
|
9 years ago |
Aleksander Machniak
|
21b523c29b
|
Fix path traversal vulnerability in setting a skin (#1490620)
|
9 years ago |
Aleksander Machniak
|
50403d66e0
|
Fix PDF support detection in Firefox > 19 (#1490610)
Conflicts:
CHANGELOG
program/js/app.js
|
9 years ago |
Aleksander Machniak
|
5579ef6621
|
Fix handling of message/rfc822 attachments on replies and forwards (#1490607)
Conflicts:
CHANGELOG
program/lib/Roundcube/rcube_message.php
program/steps/mail/compose.inc
program/steps/mail/func.inc
|
9 years ago |
Aleksander Machniak
|
6402eb7f78
|
Fix charset encoding of message/rfc822 part bodies (#1490606)
|
9 years ago |
Aleksander Machniak
|
e7d1a80a80
|
Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583)
Conflicts:
CHANGELOG
|
9 years ago |
Aleksander Machniak
|
48ab1add35
|
Add workaround for https://bugs.php.net/bug.php?id=70757 (#1490582)
Conflicts:
CHANGELOG
|
9 years ago |
Thomas Bruederli
|
7bd7d60add
|
Bump version to 1.0.7
|
9 years ago |
Aleksander Machniak
|
969547784e
|
Fix issue where Content-Length of some attachments could be set to wrong value causing browser errors (#1490482)
|
9 years ago |
Aleksander Machniak
|
4ec947715d
|
Fix XSS issue in drag-n-drop file uploads (#1490530)
Conflicts:
CHANGELOG
|
9 years ago |
Aleksander Machniak
|
175ca6fd65
|
Fix so In-Reply-To header is set also for MDN receipts (#1490523)
|
9 years ago |