githubFork/roundcubemail.git

			@@ -1,9 +1,48 @@
			CHANGELOG Roundcube Webmail
			===========================

			- Enigma: Handle encrypted/signed content inside message/rfc822 attachments
			- Enigma: Fix missing html/plain switch on multipart/signed messages (#1490649)
			- Enigma: Disable format=flowed for signed plain text messages (#1490646)
			- Enigma: Fix handling of encrypted + signed messages (#1490632)
			- Enigma: Fix invalid boundary use in signed messages structure
			- Enable use of TLSv1.1 and TLSv1.2 for IMAP (#1490640)
			- Save copy of original .htaccess file when using installto.sh script (1490623)
			- Fix regression where some message attachments could be missing on edit/forward (#1490608)
			- Fix regression in displaying contents of message/rfc822 parts (#1490606)
			- Fix handling of message/rfc822 attachments on replies and forwards (#1490607)
			- Fix PDF support detection in Firefox > 19 (#1490610)
			- Fix path traversal vulnerability in setting a skin [CVE-2015-8770] (#1490620)
			- Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#1490619)
			- Fix .htaccess rewrite rules to not block .well-known URIs (#1490615)
			- Fix mail view scaling on iOS (#1490551)
			- Fix PHP7 warning "session_start(): Session callback expects true/false return value" (#1490624)
			- Fix XSS issue in SVG images handling (#1490625)
			- Fix missing language name in "Add to Dictionary" request in HTML mode (#1490634)
			- Fix (again) security issue in DBMail driver of password plugin [CVE-2015-2181] (#1490643)
			- Fix bug where Archive/Junk buttons were not active after page jump with select=all mode (#1490647)
			- Fix bug in long recipients list parsing for cases where recipient name contained @-char (#1490653)
			- Plugin API: Added addressbook_export hook
			- Fix additional_message_headers plugin compatibility with Mail_Mime >= 1.9 (#1490657)
			- Hide DSN option in Preferences when smtp_server is not used (#1490666)
			- Fix handling of body parameter in mail compose request
			- Protect download urls against CSRF using unique request tokens (#1490642)
			- newmail_notifier: Refactor desktop notifications
			- Fix so contactlist_fields option can be set via config file

			RELEASE 1.2-beta
			----------------
			- Update TinyMCE to version 4.2
			- Remove backward compatibility "layer" of bc.php (#1490534)
			- Add possibility to define date format in write operations for ldap attributes (#1488741)
			- Display attachment size in compose (#1484774)
			- Added possibility to drag-n-drop attachments from mail preview to compose window
			- Implemented mail messages searching with predefined date interval
			- PGP encryption support via Mailvelope integration
			- PGP encryption support via Enigma plugin
			- PHP7 compatibility fixes (#1490416)
			- Security: Added brute-force attack prevention via login rate limit (#1490566)
			- Security: Added options to validate username/password on logon (#1490500)
			- Security: Improve randomness of security tokens (#1490529)
			- Security: Use random security tokens instead of hashes based on encryption key (#1490404)
			- Security: Improved encrypt/decrypt methods with option to choose the cipher_method (#1489719)
			@@ -36,6 +75,13 @@
			- Fix so microseconds macro (u) in log_date_format works (#1490446)
			- Fix so unrecognized TNEF attachments are displayed on the list of attachments (#1490351)
			- Fix so database_attachments::cleanup() does not remove attachments from other sessions (#1490542)
			- Fix responses list update issue after response name change (#1490555)
			- Fix bug where message preview was unintentionally reset on check-recent action (#1490563)
			- Fix bug where HTML messages with invalid/excessive css styles couldn't be displayed (#1490539)
			- Fix redundant blank lines when using HTML and top posting (#1490576)
			- Fix redundant blank lines on start of text after html to text conversion (#1490577)
			- Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583)
			- Fix invalid LDAP query in ACL user autocompletion (#1490591)

			RELEASE 1.1.3
			-------------
			@@ -66,7 +112,7 @@
			- Fix "washing" of style elements wrapped into many lines
			- Fix so input field (e.g. search box) does not loose focus on list load (#1490455)
			- Fix so css of one html part does not apply to other text parts on message display (#1490505)
			- Fix XSS issue in drag-n-drop file uploads (#1490530)
			- Fix XSS issue in drag-n-drop file uploads [CVE-2015-8105] (#1490530)
			- Fix handling of plus character in mailto: links (#1490510)
			- Fix so adding CC/BCC recipients from the sidebar unhides compose form fields in Classic skin (#1490472)
			- Fix so gc.sh script removes also expired sessions from sql database (#1490512)
			@@ -152,7 +198,7 @@
			- Fix bug where max_group_members was ignored when adding a new contact (#1490214)
			- Hide MDN and DSN options in compose if disabled by admin (#1490221)
			- Fix checks based on window.ActiveXObject in IE > 10
			- Fix XSS issue in style attribute handling (#1490227)
			- Fix XSS issue in style attribute handling [CVE-2015-1433] (#1490227)
			- Fix bug where Drafts list wasn't updated on draft-save action in new window (#1490225)
			- Fix so "set as default" option is hidden if identities_level > 1 (#1490226)
			- Fix bug where search was reset after returning from compose visited for reply
			@@ -180,7 +226,7 @@
			- Fix drag-n-drop to folders expanded while dragging (#1490157)
			- Fix import of multiple contact groups from Google-csv format (#1490159)
			- Fix import of contacts with multiple email addresses from Google-csv format (#1490178)
			- Fix bugs where CSRF attacks were still possible on some requests
			- Fix bugs where CSRF attacks were still possible on some requests [CVE-2014-9587]
			- Fix some rcube_utils::anytodatetime() corner cases with timezone mismatches (#1490163)
			- Improve move-to and contact-export button in classic skin (#1490166)
			- Fix wrong icon for download button in classic skin