D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
proc
/
self
/
root
/
var
/
softaculous
/
roundcube
/
Filename :
changelog.txt
back
Copy
## Release 1.6.9 - Fix regression where printing/scaling/rotating image attachments was broken (#9571) - Fix regression where HTML messages were displayed unstyled (#9586) ## Release 1.6.8 - Managesieve: Protect special scripts in managesieve_kolab_master mode - Fix newmail_notifier notification focus in Chrome (#9467) - Fix fatal error when parsing some TNEF attachments (#9462) - Fix double scrollbar when composing a mail with many plain text lines (#7760) - Fix decoding mail parts with multiple base64-encoded text blocks (#9290) - Fix bug where some messages could get malformed in an import from a MBOX file (#9510) - Fix invalid line break characters in multi-line text in Sieve scripts (#9543) - Fix bug where "with attachment" filter could fail on some fts engines (#9514) - Fix bug where an unhandled exception was caused by an invalid image attachment (#9475) - Fix bug where a long subject title could not be displayed in some cases (#9416) - Fix infinite loop when parsing malformed Sieve script (#9562) - Fix bug where imap_conn_option's 'socket' was ignored (#9566) - Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009] - Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008] - Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010] ## Release 1.6.7 - Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313) - Fix bug where HTML entities in URLs were not decoded on HTML to plain text conversion (#9312) - Fix bug in collapsing/expanding folders with some special characters in names (#9324) - Fix PHP8 warnings (#9363, #9365, #9429) - Fix missing field labels in CSV import, for some locales (#9393) - Fix command injection via crafted im_convert_path/im_identify_path on Windows - Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences - Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes ## Release 1.6.6 - Fix regression in handling LDAP search_fields configuration parameter (#9210) - Enigma: Fix finding of a private key when decrypting a message using GnuPG v2.3 - Fix page jump menu flickering on click (#9196) - Update to TinyMCE 5.10.9 security release (#9228) - Fix PHP8 warnings (#9235, #9238, #9242, #9306) - Fix saving other encryption settings besides enigma's (#9240) - Fix unneeded php command use in installto.sh and deluser.sh scripts (#9237) - Fix TinyMCE localization installation (#9266) - Fix bug where trailing non-ascii characters in email addresses could have been removed in recipient input (#9257) - Fix IMAP GETMETADATA command with options - RFC5464