- Upgrade to version 1.3.8:
* Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374)
* Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 (#6383)
* Enigma: Fix deleting keys with authentication subkeys (#6381)
* Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398)
* Fix so Classic skin splitter does not escape out of window (#6397)
* Fix XSS issue in handling invalid style tag content (#6410)
* Fix compatibility with MySQL 8 - error on 'system' table use
* Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422)
* New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419)
* Fix support for "allow-from " in x_frame_options config option (#6449)
* Fix bug where valid content between HTML comments could have been skipped in some cases (#6464)
* Fix multiple VCard field search (#6466)
* Fix session issue on long running requests (#6470)
- add files with .log entry to logrotate config
- enhance apache configuration by:
+ disable mbstring function overload (http://bugs.php.net/bug.php?id=30766)
+ do not allow to see README*, INSTALL, LICENSE or CHANGELOG files
+ set additional headers:
++ Content-Security-Policy: ask browsers to not set the referrer
++ Cache-Control: ask not to cache the content
++ Strict-Transport-Security: set HSTS rules for SSL traffic
++ X-XSS-Protection: configure built in reflective XSS protection
- adjust README.openSUSE:
+ db.inc.php is not used any longer
+ flush privileges after creating/changing users in mysql
- use %%license macro on newer distributions
OBS-URL: https://build.opensuse.org/request/show/644894
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/roundcubemail?expand=0&rev=121
New features:
- Allow searching across multiple folders
- Improved support for screen readers and assistive technology using
WCAG 2.0 andWAI ARIA standards
- Update to TinyMCE 4.1 to support images in HTML signatures (copy & paste)
- Added namespace filter and folder searching in folder manager
- New config option to disable UI elements/actions
- Stronger password encryption using OpenSSL
- Support for the IMAP SPECIAL-USE extension
- Support for Oracle as database backend
- Manage 3rd party libs with Composer
- Secure URLs [1] (disabled by default)
Changelog:
Make SMTP error log more verbose - include server response and error code
Fix download options menu (added by zipdownload plugin) in classic skin (#1490228)
Fix blocked.gif image usage with assets_dir set
Fix bug where max_group_members was ignored when adding a new contact (#1490214)
Hide MDN and DSN options in compose if disabled by admin (#1490221)
Fix checks based on window.ActiveXObject in IE > 10
Fix XSS issue in style attribute handling (#1490227)
Fix bug where Drafts list wasn't updated on draft-save action in new window (#1490225)
Fix so "set as default" option is hidden if identities_level > 1 (#1490226)
Fix bug where search was reset after returning from compose visited for reply
Fix javascript error in "IE 8.0/Tablet PC" browser (#1490210)
Fix bug where Reply-To address was ignored on reply to messages sent by self (#1490233)
Fix bug where empty fieldmap config entries caused empty results of ldap search (#1490229)
Fix bug where drafts list wasn't refreshed after draft message was sent from another window (#1490238)
Fix keyboard navigation and css in datepicker widget across many Firefox versions
Fix false warning when opening attached text/plain files (#1490241)
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/roundcubemail?expand=0&rev=91
