Mirrors/roundcubemail
2
0
Fork 0
mirror of https://github.com/roundcube/roundcubemail.git synced 2026-03-10 18:16:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,489 Commits 72 Branches 205 Tags
release-1.5
Commit Graph

1466 Commits

Author SHA1 Message Date
Aleksander Machniak
c15f5dbf09 Fix regression 2026-02-08 10:31:41 +01:00
Aleksander Machniak
5a3315cce5 Fix regressions 2026-02-08 10:08:14 +01:00
Aleksander Machniak
bf89cbaa58 Fix CSS injection vulnerability reported by CERT Polska 2026-02-08 09:40:21 +01:00
Aleksander Machniak
3ea9e6596a Fix remote image blocking bypass via SVG content reported by nullcathedral 2026-02-08 09:39:53 +01:00
Aleksander Machniak
49263ba2a0 Fix the regexp so it will produce less false-positives 2026-02-08 09:38:51 +01:00
Aleksander Machniak
3cb52d6db1 Fix Information Disclosure vulnerability in the HTML style sanitizer 
reported by somerandomdev
 2025-12-14 09:14:18 +01:00
Aleksander Machniak
f4856e3f91 Fix Cross-Site-Scripting vulnerability via SVG's animate tag 
reported by Valentin T., CrowdStrike
 2025-12-14 09:14:07 +01:00
Pablo Zmdl
7408f31379 Validate URL parameter in upload code (#9866) 2025-06-01 09:22:17 +02:00
Aleksander Machniak
522e20f32a Fix regression causing inline SVG images to be missing in mail preview (#9644) 2024-09-29 14:01:10 +02:00
Aleksander Machniak
316a0dd455 Fix regression where HTML messages were displayed unstyled (#9586) 2024-08-16 19:59:39 +02:00
Aleksander Machniak
44cec17e8f Fix regression where printing/scaling/rotating image attachments was broken (#9571) 2024-08-08 14:08:08 +02:00
Aleksander Machniak
ed98839031 Fix so install/update scripts do not require PEAR (#9037) 2024-08-04 11:22:55 +02:00
Aleksander Machniak
53da61f7fc Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010] 
Credits to Oskar Zeino-Mahmalat (Sonar) https://www.sonarsource.com
 2024-08-04 10:30:13 +02:00
Aleksander Machniak
c222ea8b99 - Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008] 
Credits to Oskar Zeino-Mahmalat (Sonar) https://www.sonarsource.com
 2024-08-04 10:30:06 +02:00
Aleksander Machniak
1b3bb11d4f Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009] 
Credits to Oskar Zeino-Mahmalat (https://www.sonarsource.com)
 2024-08-04 10:29:58 +02:00
Aleksander Machniak
5c0fbde168 Fix PHP8 warnings 2024-05-19 11:04:47 +02:00
Aleksander Machniak
4da20eb1d1 Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes 
Reported by Valentin T. and Lutz Wolf of CrowdStrike.
 2024-05-19 10:21:09 +02:00
Aleksander Machniak
61a3c9aa89 Fix command injection via crafted im_convert_path/im_identify_path on Windows 
Reported by Huy Nguyễn Phạm Nhật.
 2024-05-19 10:13:35 +02:00
Aleksander Machniak
5ec496885e Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download 
Thanks to rehme.infosec for reporting the issues.
 2023-11-04 17:58:08 +01:00
Aleksander Machniak
b78637c762 Fix merge conflict 2023-10-14 18:24:16 +02:00
Aleksander Machniak
8d823e2947 Fix cross-site scripting (XSS) vulnerability in handling of SVG in HTML messages (#9168) 2023-10-14 18:19:00 +02:00
Aleksander Machniak
ef7c00ac2d Makefile: Backports and fix version number 2023-09-18 10:26:49 +02:00
Aleksander Machniak
fe42e143ca Fix cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages 
Thanks to Niraj Shivtarkar for the report.
 2023-09-14 10:11:34 +02:00
Aleksander Machniak
401eae025d Fix PHP8 warning 2023-07-28 14:03:42 +02:00
Aleksander Machniak
5d5da0364d Fix PHP8 warning 2023-07-28 12:51:08 +02:00
Aleksander Machniak
0e4caf123a Fix PHP 8.2 fatal error when imap_conn_options.proxy_protocol is not an array 2023-07-20 13:18:03 +02:00
Aleksander Machniak
fd42f1c214 Add rcube_db::error_info() 2023-07-20 10:30:07 +02:00
Aleksander Machniak
5a44e539fd Fix PHP7 compat. break in last commit 2023-06-14 13:05:08 +02:00
Aleksander Machniak
56a1d651f0 Fix so output of log_date_format with microseconds contains time in server time zone, not UTC 2023-06-14 13:04:55 +02:00
Aleksander Machniak
feb75c042b Fix PHP8 warnings 2023-06-12 12:13:25 +02:00
Aleksander Machniak
494045c8d4 Fix compat. with PHP5 2023-06-06 14:59:04 +02:00
Aleksander Machniak
5e2c85c9a1 Fix PHP8 warnings 2023-06-06 14:52:28 +02:00
Michael Steininger
278633b150 Fix php 8.0 warning if db_dsnr is used (#8779) 2022-11-11 11:39:09 +01:00
Aleksander Machniak
6abd913566 Fix so N property always exists in a vCard export (#8771) 2022-11-02 11:55:17 +01:00
Thomas Bruederli
88c1566126 Prepare release 1.5.3 2022-06-22 10:28:04 +02:00
Aleksander Machniak
9822616191 Fix support for DSN specification without host e.g. pgsql:///dbname (#8558) 2022-06-18 14:13:16 +02:00
Aleksander Machniak
62d0287e61 Fix bug where title tag content was displayed in the body if it contained HTML tags (#8540) 2022-05-28 09:13:47 +02:00
Aleksander Machniak
22066d8ffc Fix broken encoding of HTML content encapsulated in a RTF attachment (#8444) 2022-04-17 09:22:55 +02:00
Aleksander Machniak
96e9427616 Fix bug where session could time out if DB and PHP timezone were different (#8303) 2022-03-13 11:42:04 +01:00
Aleksander Machniak
35160841ba Fix PHP8 warning (#8466) 2022-03-12 09:39:45 +01:00
Aleksander Machniak
d760749ca3 Fix handling of message/rfc822 parts that are small and are multipart structures with a single part (#8458) 2022-03-08 19:55:54 +01:00
Arkadiusz Miśkiewicz
617f329304 Fix regression in showing attachments (#8425). (#8430) 
a5c2b4360c started initializing
$this->got_html_part always but this check wasn't updated.
 2022-01-31 18:13:25 +01:00
Aleksander Machniak
b66bbf2902 Fix setting HTML mode on reply/forward of a signed message (#8405) 
Simplify and unify has_html_part() and has_text_part() methods.
 2022-01-30 09:21:28 +01:00
Aleksander Machniak
5bcb76298e Fix setting HTML mode on reply/forward of a signed message (#8405) 2022-01-30 09:21:13 +01:00
Aleksander Machniak
c33541b03a Fix handling of RFC2231-encoded attachment names inside of a message/rfc822 part (#8418) 2022-01-29 10:18:02 +01:00
Aleksander Machniak
4ea9b1b58f Fix a couple of PHP8 warnings (#8420) 2022-01-29 08:37:35 +01:00
Aleksander Machniak
fbc424546d Fix bug where small message/rfc822 parts could not be decoded (#8408) 2022-01-22 09:44:42 +01:00
Aleksander Machniak
243312c50f Fix various PHP8 warnings (#8392) 2022-01-11 19:06:24 +01:00
Aleksander Machniak
ee88d02cc1 Fix PHP Warning: Undefined array key "value" on PHP8 (#8382) 2022-01-08 08:33:23 +01:00
Aleksander Machniak
8894fddd59 Security: Fix cross-site scripting (XSS) via HTML messages with malicious CSS content 2021-12-29 19:03:16 +01:00