From 12b7d5f1b5a8be70a34844685993843456db5f46 Mon Sep 17 00:00:00 2001 From: Aleksander Machniak <alec@alec.pl> Date: Fri, 06 May 2016 02:30:33 -0400 Subject: [PATCH] Fix XSS issue in href attribute on area tag (#5240, #5241) --- UPGRADING | 35 +++++++++++++++++++++++++++++------ 1 files changed, 29 insertions(+), 6 deletions(-) diff --git a/UPGRADING b/UPGRADING index 67c1245..fe0ad4d 100644 --- a/UPGRADING +++ b/UPGRADING 
@@ -32,18 +32,33 @@ - ./bin/ - ./SQL/ - ./program/ -2. rsync the contents of the following folders from your installation + - ./installer/ +2. Replace the configuration defaults files: + - config/defaults.inc.php + - config/mimetypes.php +3. rsync the contents of the following folders from your installation directory into the target folder: ./skins/ ./plugins/ -3. Run ./bin/update.sh from the commandline OR + ./vendor/ +4a. If you previously installed plugins through composer, update dependencies + by running `php composer.phar update --no-dev` +4b. Install/update dependencies using composer: + - get composer from https://getcomposer.org/download/ + - rename the composer.json-dist file into composer.json + - if you want to use LDAP address books, enable the LDAP libraries in your + composer.json file by moving the items from "suggest" to the "require" + section (remove the explanation texts after the version!). + - run `php composer.phar install --no-dev` +5. Run `./bin/update.sh` from the commandline OR open http://url-to-roundcube/installer/ in a browser and choose "3 Test config". To enable the latter one, you have to temporary set 'enable_installer' - to true in your local config/main.inc.php file. -4. Let the update script/installer check your configuration and + to true in your local config/config.inc.php file. + WARNING: See SQLite database upgrade below. +6. Let the update script/installer check your configuration and update your config files and database schema as suggested by the updater. -5. Make sure 'enable_installer' is set to false again. -6. See Post-Upgrade Activities section. +7. Make sure 'enable_installer' is set to false again. +8. See Post-Upgrade Activities section. Post-Upgrade Activities 
@@ -54,3 +69,11 @@ your folder settings contain namespace prefix. For example Courier users should add INBOX. prefix to folder names in main configuration file. 4. Check system requirements in INSTALL file. + +SQLite database upgrade +----------------------- +Versions older than 0.9 were supporting SQLite v2 only. Newer versions require +database in v3 format. The best what you can do is to convert database file +to the new format using command line tools: + +sqlite OLD.DB .dump | sqlite3 NEW.DB -- Gitblit v1.9.1
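Review bot: The subject announces an XSS fix for the href attribute on area tags (#5240, #5241), but the diffstat and both hunks shown here touch only UPGRADING, so nothing in this patch can be checked against that claim. If the sanitizing change lives in another file or another commit, the subject or the patch view should make that clear. Otherwise the upgrade-notes changes deserve a commit of their own with a subject that describes them.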
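Review bot: In the first hunk (@@ -32,18 +32,33 @@), the line "WARNING: See SQLite database upgrade below." is appended to the end of step 5, after the instruction to run `./bin/update.sh` and after the installer paragraph, so a reader working through the steps in order meets it only once the update command has already been given. Move it to the start of step 5, or make it a separate step before it. In the same hunk, 4a states its condition ("If you previously installed plugins through composer") but 4b does not say that it is the alternative for installations that did not; starting 4b with "Otherwise" would remove the ambiguity. Step 5 also tells the reader to set 'enable_installer' to true and the reset appears only in step 7, so a short cross-reference to step 7 inside step 5 would make it harder to leave the installer enabled.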
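Review bot: In the second hunk (@@ -54,3 +69,11 @@), the new "SQLite database upgrade" section ends at `sqlite OLD.DB .dump | sqlite3 NEW.DB` and never says what to do with NEW.DB: whether it replaces the old file or the configured database path has to change, and that the original file should be kept as a backup until the upgrade is confirmed. OLD.DB and NEW.DB should also be introduced as placeholders for the reader's own file names. On wording, "were supporting" reads better as "supported", "require database in v3 format" needs an article, and "The best what you can do is" could become "The recommended approach is".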