45dced3b8f
Bump version to 1.3.13
6 years ago
884eb61162
Security: Fix cross-site scripting (XSS) via malicious XML attachment
6 years ago
fc97dc2e67
Bump version to 1.3.12
6 years ago
db49dba3e4
Security: Better fix for CVE-2020-12641
6 years ago
fe0d97e5e0
Bump version to 1.3.11
6 years ago
c0eea755cf
Fix local file inclusion (and code execution) via crafted 'plugins' option
6 years ago
47f431b1d6
Fix remote code execution via crafted 'im_convert_path' or 'im_identify_path' settings
6 years ago
23c06159ae
Fix XSS issue in handling of CDATA in HTML messages
6 years ago
3483c6407f
Fix PHP Warning: Use of undefined constant LOG_EMERGE ( #6991 )
6 years ago
e97837ba21
Fix bug where inline images could have been ignored if Content-Id header contained redundant spaces ( #6980 )
6 years ago
4683204ddf
Fix PHP Warning: Redis::connect() expects parameter 2 to be int, string given
6 years ago
0132ff0d85
Fix PHP 7.4 warning: "Creating default object from empty value"
6 years ago
2348899a3f
Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs ( #6896 )
6 years ago
554a20fe49
Fix security issue where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class ( #6897 )
6 years ago
c0c42d1075
Fix bug where some strict remote URIs in url() style were unintentionally blocked ( #6899 )
6 years ago
d0d8c1ace5
Fix security issue where it was possible to bypass the position:fixed CSS check in received messages ( #6898 )
6 years ago
f2e610dbe5
Bump version to 1.3.10
6 years ago
45e099b0be
Fix implode() wrong parameter order ( #6866 )
...
It has been deprecated in PHP 7.4.
Such as PHP deprecated: implode(): Passing glue string after array is deprecated. Swap the parameters in /var/www/roundcubemail/program/lib/Roundcube/rcube_db.php on line 917
Signed-off-by: Jack Cherng <jfcherng@gmail.com>
6 years ago
42c473aedd
Fix wrong messages order after returning to a multi-folder search result ( #6836 )
7 years ago
22375170df
Fix bug in converting multi-page Tiff images into Jpeg ( #6824 )
...
When using 'convert' binary we have to use -flatten argument (the same
as we do with thumbnails) otherwise it will produce multiple output files
with -0, -1, etc. suffix. This way we make sure to generate only one image
until we support multi-page Tiff properly.
7 years ago
1cd1990053
Fix PHP error when using Net_LDAP3 from master
...
get_entry() method signature has changed. We don't really needed
that override in rcube_ldap_generic, so it's now removed.
7 years ago
06c5a20331
Update rcube_utils::parse_host, fixes #6746
...
Updated regexps used in parse_host to ensure that %t, %d, %z do not cut off domain and return only tld when underlying host has no subdomain (i.e., is just domain.tld rather than mail.domain.tld). Update fixes #6746 , now returns nothing shorter than domain.tld.
Also removed backslash from character class, period does not need to be escaped within character class.
7 years ago
55ebae3c1e
Fix bug where bold/strong text was converted to upper-case on html-to-text conversion (6758)
7 years ago
8b706775f3
Fix bug in parsing vCard data using PHP 7.3 due to an invalid regexp ( #6744 )
...
Looks like \R is not allowed in character class, but \r\n is fine.
On PHP 7.3.5 it throws warnings and empty result from preg_replace(),
though I couldn't reproduce.
7 years ago
9cb1912553
Fix bug where bmp images couldn't be displayed on some systems ( #6728 )
7 years ago
7b8a183e9f
Bump version to 1.3.9
7 years ago
1d7b488841
Fix so ANY record is not used for email domain validation, use A, MX, CNAME, AAAA instead ( #6581 )
7 years ago
1418812c89
Fix bug in parsing some IMAP command responses that include unsolicited replies ( #6577 )
7 years ago
eec0d76360
Fix regression in vcard parser
7 years ago
8dec8fb60a
Fix handling of empty entries in vCard import ( #6564 )
7 years ago
4619f030f2
Fix bug where a message/rfc822 part without a filename wasn't listed on the attachments list ( #6494 )
7 years ago
b1a8a4b627
Bump version to 1.3.8
7 years ago
a34a206b60
Fix session issue on long running requests ( #6470 )
7 years ago
e3f6d4184f
Fix multiple VCard field search ( #6466 )
7 years ago
c22c177e53
Fix bug where valid content between HTML comments could have been skipped in some cases ( #6464 )
7 years ago
4303c59467
New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params ( #6419 )
7 years ago
8b6da9a65a
Fix invalid regular expressions that throw warnings on PHP 7.3 ( #6398 )
7 years ago
d8a1f99db9
Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 ( #6383 )
7 years ago
a411d8cb87
Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 ( #6374 )
8 years ago
9f79a7ae6f
Bump version to 1.3.7
8 years ago
2e3648b24f
Fix bug where some HTML comments could have been malformed by HTML parser ( #6333 )
8 years ago
e5050f8087
Fix bug where after "mark all folders as read" action message counters were not reset ( #6307 )
...
also fixed one PHP 7.2 warning
8 years ago
e8de88ac74
Fix bug where unicode contact names could have been broken/emptied or caused DB errors ( #6299 )
8 years ago
53f93944c0
Merge branch 'release-1.3' of github.com:roundcube/roundcubemail into release-1.3
8 years ago
16b5a345e0
Fix bug where some forbidden characters on Cyrus-IMAP were not prevented from use in folder names
...
Conflicts:
plugins/archive/archive.php
8 years ago
616e130bc4
Add sanity check when auto-unsubscribing non-existing folders
8 years ago
d9eed3625b
Fix bug where some escape sequences in html styles could bypass security checks
8 years ago
7dfbb62b78
Parse all quotas from GETQUOTAROOT ( #6280 )
8 years ago
8477b881e5
Fix PHP Warning: Use of undefined constant IDNA_DEFAULT on systems without php-intl ( #6244 )
8 years ago
357f9380c3
Bump version to 1.3.6
8 years ago
Thomas Bruederli