- Enigma: Add possibility to configure gpg-agent binary location (enigma_pgp_agent)
- Enigma: Fix signature verification with some IMAP servers, e.g. Gmail, DBMail (#5371)
- Enigma: Make recipient key searches case-insensitive (#5434)
- Fix regression in resizing JPEG images with Imagick (#5376)
- Managesieve: Fix parsing of vacation date-time with non-default date_format (#5372)
- Use SymLinksIfOwnerMatch in .htaccess instead of FollowSymLinks disabled on some hosts for security reasons (#5370)
- Wash position:fixed style in HTML mail for better security (#5264)
- Fix bug where memcache_debug didn't work for session operations
- Fix bug where Message-ID domain part was tied to username instead of current identity (#5385)
- Fix bug where blocked.gif couldn't be attached to reply/forward with insecure content
- Fix E_DEPRECATED warning when using Auth_SASL::factory() (#5401)
- Fix bug where names of downloaded files could be malformed when derived from the message subject (#5404)
- Fix so "All" messages selection is resetted on search reset (#5413)
- Fix bug where folder creation could fail if personal namespace contained more than one entry (#5403)
- Fix error causing empty INBOX listing in Firefox when using an URL with user:password specified (#5400)
- Fix PHP warning when handling shared namespace with empty prefix (#5420)
- Fix so folders list is scrolled to the selected folder on page load (#5424)
- Fix so when moving to Trash we make sure the folder exists (#5192)
- Fix displaying size of attachments with zero size
- Fix so "Action disabled" error uses more appropriate 404 code (#5440)
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/roundcubemail?expand=0&rev=104
Plugin API: Add html2text hook
Plugin API: Added addressbook_export hook
Fix missing emoticons on html-to-text conversion
Fix random "access to this resource is secured against CSRF" message at logout (#4956)
Fix missing language name in "Add to Dictionary" request in HTML mode (#4951)
Enable use of TLSv1.1 and TLSv1.2 for IMAP (#4955)
Fix XSS issue in SVG images handling (#4949)
Fix (again) security issue in DBMail driver of password plugin CVE-2015-2181
Fix bug where Archive/Junk buttons were not active after page jump with select=all mode (#4961)
Fix bug in long recipients list parsing for cases where recipient name contained @-char (#4964)
Fix additional_message_headers plugin compatibility with Mail_Mime >= 1.9 (#4966)
Hide DSN option in Preferences when smtp_server is not used (#4967)
Protect download urls against CSRF using unique request tokens (#4957)
newmail_notifier: Refactor desktop notifications
Fix so contactlist_fields option can be set via config file
Fix so SPECIAL-USE assignments are forced only until user sets special folders (#4782)
Fix performance in reverting order of THREAD result
Fix converting mail addresses with @www. into mailto links (#5197)
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/roundcubemail?expand=0&rev=101
- Update to 1.1.4
Add workaround for https://bugs.php.net/bug.php?id=70757 (#1490582)
Fix duplicate messages in list and wrong count after delete (#1490572)
Fix so Installer requires PHP5
Make brute force attacks harder by re-generating security token on every failed login (#1490549)
Slow down brute-force attacks by waiting for a second after failed login (#1490549)
Fix .htaccess rewrite rules to not block .well-known URIs (#1490615)
Fix mail view scaling on iOS (#1490551)
Fix so database_attachments::cleanup() does not remove attachments from other sessions (#1490542)
Fix responses list update issue after response name change (#1490555)
Fix bug where message preview was unintentionally reset on check-recent action (#1490563)
Fix bug where HTML messages with invalid/excessive css styles couldn't be displayed (#1490539)
Fix redundant blank lines when using HTML and top posting (#1490576)
Fix redundant blank lines on start of text after html to text conversion (#1490577)
Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583)
Fix invalid LDAP query in ACL user autocompletion (#1490591)
Fix regression in displaying contents of message/rfc822 parts (#1490606)
Fix handling of message/rfc822 attachments on replies and forwards (#1490607)
Fix PDF support detection in Firefox > 19 (#1490610)
Fix path traversal vulnerability (CWE-22) in setting a skin (#1490620)
Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#1490619)
- explicitely add required PHP packages (according to INSTALL):
+ php-dom, php-json, php-sockets
- also recommend additional PHP packages:
+ php-zip, php-pear-Crypt_GPG
- use generic php- prefix also for recommended packages (no explicit php5-)
- no Dockerfile readme any more
OBS-URL: https://build.opensuse.org/request/show/351471
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/roundcubemail?expand=0&rev=96
- Update to 1.1.2
Add new plugin hook 'identity_create_after' providing the ID of the inserted identity (#1490358)
Add option to place signature at bottom of the quoted text even in top-posting mode [sig_below]
Fix handling of %-encoded entities in mailto: URLs (#1490346)
Fix zipped messages downloads after selecting all messages in a folder (#1490339)
Fix vpopmaild driver of password plugin
Fix PHP warning: Non-static method PEAR::setErrorHandling() should not be called statically (#1490343)
Fix tables listing routine on mysql and postgres so it skips system or other database tables and views (#1490337)
Fix message list header in classic skin on window resize in Internet Explorer (#1490213)
Fix so text/calendar parts are listed as attachments even if not marked as such (#1490325)
Fix lack of signature separator for plain text signatures in html mode (#1490352)
Fix font artifact in Google Chrome on Windows (#1490353)
Fix bug where forced extwin page reload could exit from the extwin mode (#1490350)
Fix bug where some unrelated attachments in multipart/related message were not listed (#1490355)
Fix mouseup event handling when dragging a list record (#1490359)
Fix bug where preview_pane setting wasn't always saved into user preferences (#1490362)
Fix bug where messages count was not updated after message move/delete with skip_deleted=false (#1490372)
Fix security issue in contact photo handling (#1490379)
Fix possible memcache/apc cache data consistency issues (#1490390)
Fix bug where imap_conn_options were ignored in IMAP connection test (#1490392)
Fix bug where some files could have "executable" extension when stored in temp folder (#1490377)
Fix attached file path unsetting in database_attachments plugin (#1490393)
Fix issues when using moduserprefs.sh without --user argument (#1490399)
Fix potential info disclosure issue by protecting directory access (#1490378)
Fix blank image in html_signature when saving identity changes (#1490412)
Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402)
Fix XSS vulnerability in _mbox argument handling (#1490417)
OBS-URL: https://build.opensuse.org/request/show/311197
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/roundcubemail?expand=0&rev=93
New features:
- Allow searching across multiple folders
- Improved support for screen readers and assistive technology using
WCAG 2.0 andWAI ARIA standards
- Update to TinyMCE 4.1 to support images in HTML signatures (copy & paste)
- Added namespace filter and folder searching in folder manager
- New config option to disable UI elements/actions
- Stronger password encryption using OpenSSL
- Support for the IMAP SPECIAL-USE extension
- Support for Oracle as database backend
- Manage 3rd party libs with Composer
- Secure URLs [1] (disabled by default)
Changelog:
Make SMTP error log more verbose - include server response and error code
Fix download options menu (added by zipdownload plugin) in classic skin (#1490228)
Fix blocked.gif image usage with assets_dir set
Fix bug where max_group_members was ignored when adding a new contact (#1490214)
Hide MDN and DSN options in compose if disabled by admin (#1490221)
Fix checks based on window.ActiveXObject in IE > 10
Fix XSS issue in style attribute handling (#1490227)
Fix bug where Drafts list wasn't updated on draft-save action in new window (#1490225)
Fix so "set as default" option is hidden if identities_level > 1 (#1490226)
Fix bug where search was reset after returning from compose visited for reply
Fix javascript error in "IE 8.0/Tablet PC" browser (#1490210)
Fix bug where Reply-To address was ignored on reply to messages sent by self (#1490233)
Fix bug where empty fieldmap config entries caused empty results of ldap search (#1490229)
Fix bug where drafts list wasn't refreshed after draft message was sent from another window (#1490238)
Fix keyboard navigation and css in datepicker widget across many Firefox versions
Fix false warning when opening attached text/plain files (#1490241)
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/roundcubemail?expand=0&rev=91
