Changelog for 1.8.004.20131001

This commit is contained in:
Ralf Becker 2013-10-01 15:15:08 +00:00
parent c6d2a0c6ce
commit e27dc30c76

View File

@ -1,3 +1,21 @@
egroupware (1.8.004.20131001) hardy; urgency=low
* THIS RELEASE CONTAINS IMPORTANT SECURITY FIXES, PLEASE UPDATE ASAP
* Security: fixed remote code execution
* API: using now httponly and secure cookies (secure only if https is used to login)
* API: header.inc.php uses for new installations or on update now secure password hashes like they were used for accounts since some time now
* Setup: uses now a session instead of storing credentials in a cookie
* Filemanager: html downloads get now either force a download or - if brower supports - use a content-security-policiy header to mitigate risk of session hijacking
* THANKS and credits to Marcel Mangold <marcel.mangold@syss.de>, Pascal Uter <pascal.uter@syss.de> from SySS GmbH for notifying us about above problems and hardening possibilities
* Addressbook: deleting an account now also takes care of deleting or changing ownership of distribution lists (beside contacts as before)
* EMail/all apps: fixed notifications caused EMail to loose connection to IMAP server
* eMail: fix possible problem when mail-message-body (text or html part) is empty
* eMail: fix problem for folder preferences did not overrule folders set by getSpecialUseFolders
* eMail/Sieve: improved capability parsing
* eMail/IMAP: fix for failed connection for subsequent connects when using STARTTLS in certain enviroments
-- Ralf Becker <rb@stylite.de> Tue, 01 Oct 2013 17:15:08 +0200
egroupware (1.8.004.20130831) hardy; urgency=low
* Addressbook/CardDAV: fixed not working (forced) preference to display only accounts of groupmembers