- Upgrade to version 1.3.8:
* Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374)
* Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 (#6383)
* Enigma: Fix deleting keys with authentication subkeys (#6381)
* Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398)
* Fix so Classic skin splitter does not escape out of window (#6397)
* Fix XSS issue in handling invalid style tag content (#6410)
* Fix compatibility with MySQL 8 - error on 'system' table use
* Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422)
* New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419)
* Fix support for "allow-from " in x_frame_options config option (#6449)
* Fix bug where valid content between HTML comments could have been skipped in some cases (#6464)
* Fix multiple VCard field search (#6466)
* Fix session issue on long running requests (#6470)
- add files with .log entry to logrotate config
- enhance apache configuration by:
+ disable mbstring function overload (http://bugs.php.net/bug.php?id=30766)
+ do not allow to see README*, INSTALL, LICENSE or CHANGELOG files
+ set additional headers:
++ Content-Security-Policy: ask browsers to not set the referrer
++ Cache-Control: ask not to cache the content
++ Strict-Transport-Security: set HSTS rules for SSL traffic
++ X-XSS-Protection: configure built in reflective XSS protection
- adjust README.openSUSE:
+ db.inc.php is not used any longer
+ flush privileges after creating/changing users in mysql
- use %%license macro on newer distributions
OBS-URL: https://build.opensuse.org/request/show/644894
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/roundcubemail?expand=0&rev=121
- Enigma: Add possibility to configure gpg-agent binary location (enigma_pgp_agent)
- Enigma: Fix signature verification with some IMAP servers, e.g. Gmail, DBMail (#5371)
- Enigma: Make recipient key searches case-insensitive (#5434)
- Fix regression in resizing JPEG images with Imagick (#5376)
- Managesieve: Fix parsing of vacation date-time with non-default date_format (#5372)
- Use SymLinksIfOwnerMatch in .htaccess instead of FollowSymLinks disabled on some hosts for security reasons (#5370)
- Wash position:fixed style in HTML mail for better security (#5264)
- Fix bug where memcache_debug didn't work for session operations
- Fix bug where Message-ID domain part was tied to username instead of current identity (#5385)
- Fix bug where blocked.gif couldn't be attached to reply/forward with insecure content
- Fix E_DEPRECATED warning when using Auth_SASL::factory() (#5401)
- Fix bug where names of downloaded files could be malformed when derived from the message subject (#5404)
- Fix so "All" messages selection is resetted on search reset (#5413)
- Fix bug where folder creation could fail if personal namespace contained more than one entry (#5403)
- Fix error causing empty INBOX listing in Firefox when using an URL with user:password specified (#5400)
- Fix PHP warning when handling shared namespace with empty prefix (#5420)
- Fix so folders list is scrolled to the selected folder on page load (#5424)
- Fix so when moving to Trash we make sure the folder exists (#5192)
- Fix displaying size of attachments with zero size
- Fix so "Action disabled" error uses more appropriate 404 code (#5440)
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/roundcubemail?expand=0&rev=104
