CHANGELOG Roundcube Webmail =========================== - Managesieve: Refactored script parser to be 100x faster - Enigma: Added option to attach public keys to sent mail (#5152) - Enigma: Handle messages with text before an encrypted block (#5149) - Enigma: Handle encrypted/signed content inside message/rfc822 attachments - Enigma: Fix missing html/plain switch on multipart/signed messages (#1490649) - Enigma: Disable format=flowed for signed plain text messages (#1490646) - Enigma: Fix handling of encrypted + signed messages (#1490632) - Enigma: Fix invalid boundary use in signed messages structure - Enable use of TLSv1.1 and TLSv1.2 for IMAP (#1490640) - Save copy of original .htaccess file when using installto.sh script (1490623) - Fix regression where some message attachments could be missing on edit/forward (#1490608) - Fix regression in displaying contents of message/rfc822 parts (#1490606) - Fix handling of message/rfc822 attachments on replies and forwards (#1490607) - Fix PDF support detection in Firefox > 19 (#1490610) - Fix path traversal vulnerability in setting a skin [CVE-2015-8770] (#1490620) - Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#1490619) - Fix .htaccess rewrite rules to not block .well-known URIs (#1490615) - Fix mail view scaling on iOS (#1490551) - Fix PHP7 warning "session_start(): Session callback expects true/false return value" (#1490624) - Fix XSS issue in SVG images handling (#1490625) - Fix missing language name in "Add to Dictionary" request in HTML mode (#1490634) - Fix (again) security issue in DBMail driver of password plugin [CVE-2015-2181] (#1490643) - Fix bug where Archive/Junk buttons were not active after page jump with select=all mode (#1490647) - Fix bug in long recipients list parsing for cases where recipient name contained @-char (#1490653) - Plugin API: Added addressbook_export hook - Fix additional_message_headers plugin compatibility with Mail_Mime >= 1.9 (#1490657) - Hide DSN option in Preferences when smtp_server is not used (#1490666) - Fix handling of body parameter in mail compose request - Protect download urls against CSRF using unique request tokens (#1490642) - newmail_notifier: Refactor desktop notifications - Fix so contactlist_fields option can be set via config file - Fix so SPECIAL-USE assignments are forced only until user sets special folders (#4782) RELEASE 1.2-beta ---------------- - Update TinyMCE to version 4.2 - Remove backward compatibility "layer" of bc.php (#1490534) - Add possibility to define date format in write operations for ldap attributes (#1488741) - Display attachment size in compose (#1484774) - Added possibility to drag-n-drop attachments from mail preview to compose window - Implemented mail messages searching with predefined date interval - PGP encryption support via Mailvelope integration - PGP encryption support via Enigma plugin - PHP7 compatibility fixes (#1490416) - Security: Added brute-force attack prevention via login rate limit (#1490566) - Security: Added options to validate username/password on logon (#1490500) - Security: Improve randomness of security tokens (#1490529) - Security: Use random security tokens instead of hashes based on encryption key (#1490404) - Security: Improved encrypt/decrypt methods with option to choose the cipher_method (#1489719) - Make optional adding of standard signature separator - sig_separator (#1487768) - Optimize folder_size() on Cyrus IMAP by using special folder annotation (#1490514) - Make optional hidding of folders with name starting with a dot - imap_skip_hidden_folders (#1490468) - Add option to enable HTML editor always, except when replying to plain text messages (#1489365) - Emoticons: Added option to switch on/off emoticons in compose editor (#1485732) - Emoticons: Added option to switch on/off emoticons in plain text messages - Emoticons: All emoticons-related functionality is handled by the plugin now - Installer: Add button to save generated config file in system temp directory (#1488149) - Remove common subject prefixes Re:, Re[x]:, Re-x: on reply (#1490497) - Added GSSAPI/Kerberos authentication plugin - krb_authentication - Password: Allow temporarily disabling the plugin functionality with a notice - Require Mbstring and OpenSSL extensions (#1490415) - Add --config and --type options to moduserprefs.sh script (#1490051) - Implemented memcache_debug and apc_debug options - Installer: Remove system() function use (#1490139) - Password plugin: Added 'kpasswd' driver by Peter Allgeyer - Add initdb.sh to create database from initial.sql script with prefix support (#1490188) - Plugin API: Added disabled_plugins an disabled_buttons options in html_editor hook - Plugin API: Added html2text hook - Plugin API: Added message_part_body hook - Plugin API: Added message_ready hook - Plugin API: Add special onload() method to execute plugin actions before startup (session and GUI initialization) - Implemented UI element to jump to specified page of the messages list (#1485235) - Fix searching of contacts to allow remote images for known senders (#1490504) - Fix bug where clicking date column with 'arrival' sorting would switch to sorting by 'date' (#1490126) - Fix bug where message content could overlap attachments list in Larry skin (#1490479) - Fix so microseconds macro (u) in log_date_format works (#1490446) - Fix so unrecognized TNEF attachments are displayed on the list of attachments (#1490351) - Fix so database_attachments::cleanup() does not remove attachments from other sessions (#1490542) - Fix responses list update issue after response name change (#1490555) - Fix bug where message preview was unintentionally reset on check-recent action (#1490563) - Fix bug where HTML messages with invalid/excessive css styles couldn't be displayed (#1490539) - Fix redundant blank lines when using HTML and top posting (#1490576) - Fix redundant blank lines on start of text after html to text conversion (#1490577) - Fix HTML sanitizer to skip in output (#1490583) - Fix invalid LDAP query in ACL user autocompletion (#1490591) RELEASE 1.1.3 ------------- - Fix closing of nested menus (#1490443) - Fix so E_DEPRECATED errors from PEAR libs are ignored by error_reporting change (#1490281) - Fix compatibility with PHP 5.3 in rcube_ldap class (#1490424) - Get rid of Mail_mimeDecode package dependency (#1490416) - Fix "Importing..." message does not hide on error (#1490422) - Fix Compose action in addressbook for results from multiple addressbooks (#1490413) - Fix bug where some messages in multi-folder search couldn't be viewed/printed/downloaded (#1490426) - Fix unintentional messages list page change on page switch in compose addressbook (#1490427) - Fix race-condition in saving user preferences and loading plugin config (#1490431) - Fix so plain text signature field uses monospace font (#1490435) - Fix so links with href == content aren't added to links list on html to text conversion (#1490434) - Fix handling of non-break spaces in html to text conversion (#1490436) - Fix self-reply detection issues (#1490439) - Fix multi-folder search result sorting by arrival date (#1490450) - Fix so *-request@ addresses in Sender: header are also ignored on reply-all (#1490452) - Update to TinyMCE 4.1.10 (#1490405) - Fix draft removal after a message is sent and storing sent message is disabled (#1490467) - Fix so imap folder attribute comparisons are case-insensitive (#1490466) - Fix bug where new messages weren't added to the list in search mode - Fix wrong positioning of message list header on page scroll in Webkit browsers (#1490035) - Fix some javascript errors in rare situations (#1490441) - Fix error when using back button after sending an email (#1490009) - Fix removing signature when switching to identity with an empty sig in HTML mode (#1490470) - Disable links list generation on html-to-text conversion of identities or composed message (#1490437) - Fix "washing" of style elements wrapped into many lines - Fix so input field (e.g. search box) does not loose focus on list load (#1490455) - Fix so css of one html part does not apply to other text parts on message display (#1490505) - Fix XSS issue in drag-n-drop file uploads [CVE-2015-8105] (#1490530) - Fix handling of plus character in mailto: links (#1490510) - Fix so adding CC/BCC recipients from the sidebar unhides compose form fields in Classic skin (#1490472) - Fix so gc.sh script removes also expired sessions from sql database (#1490512) - Fix support for Mozilla-based browsers, e.g. Pale Moon (#1490517) - Fix various issues with Turkish (and similar) locales (#1490519) - Fix so In-Reply-To header is set also for MDN receipts (#1490523) - Fix missing HTTP_X_FORWARDED_FOR address in generated Received header - Fix issue where Content-Length of some attachments could be set to wrong value causing browser errors (#1490482) RELEASE 1.1.2 ------------- - Add new plugin hook 'identity_create_after' providing the ID of the inserted identity (#1490358) - Add option to place signature at bottom of the quoted text even in top-posting mode [sig_below] - Fix handling of %-encoded entities in mailto: URLs (#1490346) - Fix zipped messages downloads after selecting all messages in a folder (#1490339) - Fix vpopmaild driver of password plugin - Fix PHP warning: Non-static method PEAR::setErrorHandling() should not be called statically (#1490343) - Fix tables listing routine on mysql and postgres so it skips system or other database tables and views (#1490337) - Fix message list header in classic skin on window resize in Internet Explorer (#1490213) - Fix so text/calendar parts are listed as attachments even if not marked as such (#1490325) - Fix lack of signature separator for plain text signatures in html mode (#1490352) - Fix font artifact in Google Chrome on Windows (#1490353) - Fix bug where forced extwin page reload could exit from the extwin mode (#1490350) - Fix bug where some unrelated attachments in multipart/related message were not listed (#1490355) - Fix mouseup event handling when dragging a list record (#1490359) - Fix bug where preview_pane setting wasn't always saved into user preferences (#1490362) - Fix bug where messages count was not updated after message move/delete with skip_deleted=false (#1490372) - Fix security issue in contact photo handling (#1490379) - Fix possible memcache/apc cache data consistency issues (#1490390) - Fix bug where imap_conn_options were ignored in IMAP connection test (#1490392) - Fix bug where some files could have "executable" extension when stored in temp folder (#1490377) - Fix attached file path unsetting in database_attachments plugin (#1490393) - Fix issues when using moduserprefs.sh without --user argument (#1490399) - Fix potential info disclosure issue by protecting directory access (#1490378) - Fix blank image in html_signature when saving identity changes (#1490412) - Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402) - Fix XSS vulnerability in _mbox argument handling (#1490417) RELEASE 1.1.1 ------------- - ACL: Allow other plugins to adjust the list of permissions and groups to edit - Add possibility to print contact information (of a single contact) - Add possibility to configure max_allowed_packet value for all database engines (#1490283) - Improved handling of storage errors after message is sent - Update to TinyMCE 4.1.9 - Unified request* event arguments handling, added support for _unlock and _action parameters - Security: Generate random hash for the per-user local storage prefix (#1490279) - Fix refreshing of drafts list when sending a message which was saved in meantime (#1490238) - Fix saving/sending emoticon images when assets_dir is set - Fix PHP fatal error when visiting Vacation interface and there's no sieve script yet (#1490292) - Fix setting max packet size for DB caches and check packet size also in shared cache - Fix needless security warning on BMP attachments display (#1490282) - Fix handling of some improper constructs in format=flowed text as per the RFC3676[4.5] (#1490284) - Fix performance of rcube_db_mysql::get_variable() - Fix missing or not up-to-date CATEGORIES entry in vCard export (#1490277) - Fix fatal errors on systems without mbstring extension or mb_regex_encoding() function (#1490280) - Fix cursor position on reply below the quote in HTML mode (#1490263) - Fix so "over quota" errors are displayed also in message compose page - Fix duplicate entries supression in autocomplete result (#1490290) - Fix "Non-static method PEAR::isError() should not be called statically" errors (#1490281) - Fix parsing invalid HTML messages with BOM after (#1490291) - Fix duplicate entry on timezones list in rcube_config::timezone_name_from_abbr() (#1490293) - Fix so localized folder name is displayed in multi-folder search result (#1490243) - Fix javascript error after creating a folder which is a subfolder of another one (#1490297) - Fix bug where subject of sent/saved message was removed if mbstring wasn't installed (#1490295) - Fix missing vcard_attachment icon on messages list (#1490303) - Fix storing signatures with big images in MySQL database (#1490306) - Fix Opera browser detection in javascript (#1490307) - Fix so search filter, scope and fields are reset on folder change - Fix rows count when messages search fails (#1490266) - Fix bug where spellchecking in HTML editor do not work after switching editor type more than once (#1490311) - Fix bug where TinyMCE area height was too small on slow network connection (#1490310) - Fix backtick character handling in sql queries (#1490312) - Fix redirect URL for attachments loaded in an iframe when behind a proxy (#1490191) - Fix menu container references to point to the actual