From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 CHANGELOG |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 3eabdb4..91cb3c3 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,10 +1,19 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Enable use of TLSv1.1 and TLSv1.2 for IMAP (#1490640)
+- Save copy of original .htaccess file when using installto.sh script (1490623)
 - Fix regression where some message attachments could be missing on edit/forward (#1490608)
 - Fix regression in displaying contents of message/rfc822 parts (#1490606)
 - Fix handling of message/rfc822 attachments on replies and forwards (#1490607)
 - Fix PDF support detection in Firefox > 19 (#1490610)
+- Fix path traversal vulnerability in setting a skin [CVE-2015-8770] (#1490620)
+- Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#1490619)
+- Fix .htaccess rewrite rules to not block .well-known URIs (#1490615)
+- Fix mail view scaling on iOS (#1490551)
+- Fix PHP7 warning "session_start(): Session callback expects true/false return value" (#1490624)
+- Fix XSS issue in SVG images handling (#1490625)
+- Fix missing language name in "Add to Dictionary" request in HTML mode (#1490634)
 
 RELEASE 1.2-beta
 ----------------

--
Gitblit v1.9.1