Skip to content
Aaron edited this page Aug 14, 2019 · 31 revisions

CHANGELOG

RELEASE 1.3.9

  • Fix TinyMCE download location(s) (#6694)
  • Fix bug where a message/rfc822 part without a filename wasn't listed on the attachments list (#6494)
  • Fix handling of empty entries in vCard import (#6564)
  • Fix bug in parsing some IMAP command responses that include unsolicited replies (#6577)
  • Fix PHP 7.2 compatibility in debug_logger plugin (#6586)
  • Fix so ANY record is not used for email domain validation, use A, MX, CNAME, AAAA instead (#6581)
  • Fix so mime_content_type check in Installer uses files that should always be available (i.e. from program/resources) (#6599)
  • Fix missing CSRF token on a link to download too-big message part (#6621)
  • Fix bug when aborting dragging with ESC key didn't stop the move action (#6623)
  • Fix bug where next row wasn't selected after deleting a collapsed thread (#6655)

RELEASE 1.3.8

  • Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374)
  • Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 (#6383)
  • Enigma: Fix deleting keys with authentication subkeys (#6381)
  • Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398)
  • Fix so Classic skin splitter does not escape out of window (#6397)
  • Fix XSS issue in handling invalid style tag content (#6410)
  • Fix compatibility with MySQL 8 - error on 'system' table use
  • Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422)
  • New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419)
  • Fix support for "allow-from " in x_frame_options config option (#6449)
  • Fix bug where valid content between HTML comments could have been skipped in some cases (#6464)
  • Fix multiple VCard field search (#6466)
  • Fix session issue on long running requests (#6470)

RELEASE 1.3.7

  • Fix PHP Warning: Use of undefined constant IDNA_DEFAULT on systems without php-intl (#6244)
  • Fix bug where some parts of quota information could have been ignored (#6280)
  • Fix bug where some escape sequences in html styles could bypass security checks
  • Fix bug where some forbidden characters on Cyrus-IMAP were not prevented from use in folder names
  • Fix bug where only attachments with the same name would be ignored on zip download (#6301)
  • Fix bug where unicode contact names could have been broken/emptied or caused DB errors (#6299)
  • Fix bug where after "mark all folders as read" action message counters were not reset (#6307)
  • Enigma: [EFAIL] Don't decrypt PGP messages with no MDC protection (#6289)
  • Fix bug where some HTML comments could have been malformed by HTML parser (#6333)

RELEASE 1.3.6

  • Fix parsing date strings (e.g. from a Date: mail header) with comments (#6216)
  • Fix PHP 7.2: count(): Parameter must be an array in enchant-based spellchecker (#6234)
  • Fix possible IMAP command injection and type juggling vulnerabilities (#6229)
  • Enigma: Fix key selection for signing
  • Enigma: Enable keypair generation on Internet Explorer 11
  • Fix check_request() bypass in places using get_uids() CVE-2018-9846 (#6238)
  • Fix bug where usernames without domain part could be malformed or converted to lower-case on logon (#6224)

RELEASE 1.3.5

  • Managesieve: Fix bug where text: syntax was forced for strings longer than 1024 characters (#6143)
  • Managesieve: Fix missing Save button in Edit Filter Set page of Classic skin (#6154)
  • Fix duplicated labels in Test SMTP Config section (#6166)
  • Fix PHP Warning: exif_read_data(...): Illegal IFD size (#6169)
  • Enigma: Fix key generation in Safari by upgrade to OpenPGP 2.6.2 (#6149)
  • Fix security issue in remote content blocking on HTML image and style tags (#6178)
  • Added 9pt and 11pt to the list of font sizes in HTML editor
  • Fix handling encoding of HTML tags in "inline" JSON output (#6207)
  • Fix bug where some unix timestamps were not handled correctly by rcube_utils::anytodatetime() (#6212)

RELEASE 1.3.4

  • Fix a couple of warnings on PHP 7.2 (#6098)
  • Fix bug where contacts search could skip some records (#6130)
  • Fix possible information leak - add more strict sql error check on user creation (#6125)
  • Fix broken long filenames when using imap4d server - workaround server bug (#6048)
  • Fix so temp_dir misconfiguration prints an error to the log (#6045)
  • Fix untagged COPYUID responses handling - again (#5982)
  • Fix PHP warning "idn_to_utf8(): INTL_IDNA_VARIANT_2003 is deprecated" with PHP 7.2 (#6075)
  • Fix bug where Archive folder wasn't auto-created on login with create_default_folders=true
  • Fix performance issue when parsing malformed and long Date header (#6087)
  • Fix syntax error in mssql.initial.sql (#6097)
  • Fix bug where contacts export by selection returned no more than 10 entries (#6103)
  • Fix searching contacts by address in LDAP source (#6084)
  • Fix X-Frame-Options: ALLOW-FROM support, remove custom click-jacking protection (#6057)

RELEASE 1.3.3

  • Fix decoding of mailto: links with + character in HTML messages (#6020)
  • Fix false reporting of failed upgrade in installto.sh (#6019)
  • Fix file disclosure vulnerability caused by insufficient input validation [CVE-2017-16651] (#6026)
  • Fix mangled non-ASCII characters in links in HTML messages (#6028)

RELEASE 1.3.2

  • Improve detection for Egde browser and add pointer event support (#5922)
  • Fix bug where pink image was used instead of a thumbnail when image resize fails (#5933)
  • Fix so files size/count limit is verified (client-side) also on drag-n-drop uploads (#5940)
  • Fix invalid template loading on a message error in preview frame (#5941)
  • Fix bug where HTML messages could have been rendered empty on some systems (#5957)
  • Fix wording of "Mark previewed messages as read" to "Mark messages as read" (#5952)
  • Enigma: Fix decryption of messages encoded with non-ascii charset (#5962)
  • Fix missing cursor in HTML editor on mail reply (#5969)
  • Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview (#5580)
  • Fix bug where mail search could return empty result on servers without SORT capability (#5973)
  • Fix bug where assets_path wasn't added to some watermark frames
  • Fix so untagged COPYUID responses are also supported according to RFC6851 (#5982)
  • Fix issue caused by non-default session.cookie_lifetime setting (#5961)
  • Fix Edge encoding bug when pasting text into the HTML editor, update to TinyMCE 4.5.8 (#5885)
  • Fix handling of unknown Content-Disposition type (#6002)
  • Fix truncated folder name on messages list in multi-folder mode, for folders with non-ascii characters (#6004)
  • Fix bug where removing the last subfolder did not hide toggle button on its parent record (#6007)
  • Fix bug where ghost messages could be added to the list after fast delete (#5941)

RELEASE 1.3.1

  • Add Preferences > Mailbox View > Main Options > Layout (#5829)
  • Password: Fix compatibility with PHP 7+ in cpanel_webmail driver (#5820)
  • Managesieve: Fix parsing dot-staffed lines in multiline text (#5838)
  • Managesieve: Fix AM/PM suffix in vacation time selectors
  • Managesieve: Fix bug where 'exists' operator was reset to 'contains' (#5899)
  • Remove non-printable characters from filenames on download/display (#5880)
  • Fix decoding non-ascii attachment names from TNEF attachments (#5646, #5799)
  • Fix uninitialized string offset warnings and make sure random_bytes() has the requested length (#5788)
  • Fix bug where HTML messages with @media styles could moddify style of page body (#5811)
  • Fix style issue on selected and unfocused message that is part of a thread (#5798)
  • Fix bug where a.button style from managesieve plugin could impact other elements (#5800)
  • Fix position of selected icon for (Mailvelope) Encrypt button
  • Fix fatal error when using DMY- or MDY-based date format in PostgreSQL (#5808)
  • Fix bug where errors were not printed when using bin/update.sh (#5834)
  • Fix PHP 7.2 warnings on count() use (#5845)
  • Fix bug where Chrome could not upload the same file that was selected before (#5854)
  • Fix duplicate messages on the list after deleting messages on the next to the last page (#5862)
  • Fix bug where messages count was not updated after delete when imap_cache is set (#5872)
  • Fix potential XSS vulnerability with malformed HTML message markup
  • Fix sending message with "Too many public recipients" dialog buttons (#5924)
  • Bring back double-click behavior on the message list which was removed in 1.3.0 (#5823)
  • Enigma: Fix decrypting an encrypted+signed message when signature verification fails (#5914)

RELEASE 1.3.0

  • Update to TinyMCE 4.5.7
  • Fix bug where invalid recipients could be silently discarded (#5739)
  • Fix conflict with _gid cookie of Google Analytics (#5748)
  • Print error from CLI scripts when system/exec function is disabled (#5744)
  • Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747)
  • Fix bug where it wasn't possible to scroll folders list in Edge (#5750)
  • Fix folders list sorting on Windows - if php-intl is available (#5732)
  • Fix addressbook searching by gender (#5757)
  • Fix prevention from using % and * characters in folder name (#5762)
  • Fix POST parameter reflection in default_charset selector (#5768)
  • Enigma: Fix compatibility with assets_dir
  • Managesieve: Skip redundant LISTSCRIPTS command
  • Fix SQL syntax error on MariaDB 10.2 (#5774)
  • Fix bug where zipdownload ignored files with the same name (#5777)
  • Fix bug where it wasn't possible to set timezone to auto-detected value (#5782)

RELEASE 1.3-rc

  • "Flattened" the larry theme: fresher look by removing shadows and gradients
  • Support logging to php://stdout (#5721)
  • Add support for DelSp=Yes in format=flowed messages (#5702)
  • Update to jQuery 3.2.1
  • Update to TinyMCE 4.5.6
  • Plugin API: Call message_part_structure hook for sub-parts of multipart/alternative message (#5678)
  • Enigma: Always use detached signatures (#5624)
  • Enigma: Fix handling of messages with nested PGP encrypted parts (#5634)
  • Minimize unwanted message loading in preview frame on drag (#5616)
  • Fix failing database schema check in all engines except mysql (#5730)
  • Fix autocomplete popup closing with click outside the input, don't handle Tab key as Enter (#5606)
  • Fix jsdeps.json synchronization on update, warn about missing requirements of install-jsdeps.sh (#5598)
  • Fix missing thread expand icon on search result in widescreen mode (#5613)
  • Fix bug where image data URIs in css style were treated as evil/remote in mail preview (#5580)
  • Fix bug where external content in src attribute of input/video tags was not secured (#5583)
  • Fix PHP error on update of a contact with multiple email addresses when using PHP 7.1 (#5587)
  • Fix bug where mail content frame couldn't be reset in some corner cases (#5608)
  • Fix bug where some classic skin images were not displayed in IE/Edge (#5614)
  • Fix bug where signature couldn't be added above the quote in Firefox 51 (#5628)
  • Fix regression where groups with email address were resolved to its members' addresses
  • Fix update of group name in the contacts list header on group rename (#5648)
  • Add rewrite rule to disable access to /vendor/bin folder in .htaccess (#5630)
  • Fix bug where it was too easy accidentally move a folder when using the subscription checkbox (#5655)
  • Managesieve: Fix parser issue with empty lines between comments (#5657)
  • Managesieve: Fix possible defect in handling \r\n in scripts (#5685)
  • Fix/rephrase "unsaved changes" warning when cancelling a draft (#5610)
  • Fix XSS issue in handling of a style tag inside of an svg element [CVE-2017-6820]
  • Fix bug where settings/upload.inc could not be used by plugins (#5694)
  • Fix regression in LDAP fuzzy search where it always used prefix search instead (#5713)
  • Fix bug where namespace prefix could not be truncated on folders list if show_real_foldernames=true (#5695)
  • Fix undesired effects when postgres database uses different timezone than PHP host (#5708)
  • Installer: Fix DB schema initialization on MS SQL Server
  • Fix bug where base_dn setting was ignored inside group_filters (#5720)
  • Password: Fix security issue in virtualmin and sasl drivers [CVE-2017-8114]

RELEASE 1.3-beta

  • Nicely handle contact deletion on contact edit (#5522)
  • vcard_attachments: Add possibility to attach contact vCard to composed message (#4997)
  • Preserve message internal/received date on import in mbox format (#5559)
  • Zipdownload: Fix date format in mbox "From line"
  • Possibility to display QR code for contacts data (#5030)
  • Added identicon plugin
  • Widescreen layout aka three column view (#5093)
  • Unify automatic marking as \Seen in preview pane, full-page and extwin views (#5071)
  • Disable double-click on the list when preview pane is on (#5199)
  • Support hostname and hostname:port in force_https option (#5511)
  • Support ALLOW-FROM in x_frame_options (#5122)
  • Allow to omit a subject when sending an email (#5068)
  • Warn about too many disclosed recipients in composed email [max_disclosed_recipients] (#5132)
  • identity_select: Support Received header (#5085)
  • Plugin API: Added get_compose_responses hook (#5457)
  • Display error when trying to upload more files than specified in max_file_uploads (#5483)
  • Add missing sql upgrade file for 'ip' column resize in session table (#5465)
  • Do not show inline images of unsupported mimetype (#5463)
  • Password: Added replacement variables support in password_pop_host (#5539)
  • Password: Don't store passwords in temp files when using dovecotpw (#5531)
  • Password: Added LDAP PPolicy driver (#5364)
  • Password: Added cpanel_webmail driver (#5549)
  • Password: Added possibility to nicely redirect from other plugins on password expiration (#5468)
  • Implement separate action to mark all messages in a folder as \Seen (#5006)
  • Implement marking as \Seen in all folders or in a folder and its subfolders (#5076)
  • Archive: Don't reload messages list when it's not needed (#5225)
  • Archive: Add option to automatically mark archived messages as \Seen (#5142)
  • Improve randomness of password salts and random hashes (#5266)
  • Password/cPanel: Add support for hash authentication and reseller accounts (#5252)
  • Support host-specific imap_conn_options/smtp_conn_options/managesieve_conn_options (#5136)
  • Center and scale images in attachment preview frame (#5421)
  • Added max_message_size option enforced when attaching files to a composed message (#4993)
  • Added Search button in quick search menus (#5312)
  • Implement "one click" attachment/messages/photo upload (#5024)
  • Squirrelmail_usercopy: Add option to define character set of data files
  • Removed useless 'created' column from 'session' table (#5389)
  • Dropped legacy browsers support (#5167)
    • Removed legacy_browser plugin
    • Removed hacks for IE < 10
    • Update to jQuery 3.1.1 and jQuery-UI 1.12.0
    • compile .min.js files with ECMASCRIPT5 option
  • Require PHP >= 5.4
  • Add possibility to preview and download attachments in mail compose (#5053)
  • Add possibility to rename attachments in mail compose (#4996)
  • Remove backward compatibility "layer" of bc.php (#4902)
  • Support WEBP images in mail messages (#5362)
  • Support MathML in HTML message preview (#5182)
  • Rename Addressbook to Contacts (#5233)
  • Remove PHP mail() support, smtp_server is required now (#5340)
  • Display full message subject in onmouseover on truncated subject in mail view (#5346)
  • Enigma: Support GnuPG 2.1 (#5313)
  • Enigma: Support key generation for multiple identities (#5383)
  • Enigma: Import keys from key-server(s) (#5286)
  • Enigma: Search missing public keys on a key-server in mail compose (#5286)
  • Enigma: Delete user keys when using deluser.sh script
  • Enigma: Fix redundant list-secret-keys/list-public-keys calls on signing/encryption
  • Enigma: Implement PGP encryption and signing in one go (#5302)
  • Enigma: Display signature verification status for encrypted+signed messages (#5302)
  • Display different attachment icon on encrypted messages
  • Display different confirmation text when moving messages to Trash (#5220)
  • Indicate that a collapsed thread has flagged children (#5013)
  • Implemented message/rfc822 attachment preview
  • Update to jsTimezoneDetect 1.0.6
  • Managesieve: Add (optional) RAW script editor (#5414)
  • Managesieve: Add option to automatically set vacation :from address (#5428)
  • Managesieve: Support 'string' test from variables extension [RFC 5229] (#5248)
  • Managesieve: Support 'duplicate' extension [RFC 7352]
  • Managesieve: Unhide advanced rule controls if there are inputs with errors
  • Managesieve: Display warning message when filter form contains errors
  • Control search engine crawlers via X-Robots-Tag header instead of and robots.txt (#5098)
  • Fixed redundancy in sql caching system and compatibility with Galera Cluster (#5439)
    • Removed redundant 'created' column from cache and cache_shared tables
    • Removed use of redundant data records
    • Added missing primary keys (dictionary, cache, cache_shared tables)
  • Fix so templating system does not mess with external (e.g. email) content (#5499)
  • Fix redundant keep-alive/refresh after session error on compose page (#5500)
  • Managesieve: Fix handling of scripts with nested rules (#5540)
  • Fix variable substitution in ldap host for some use-cases, e.g. new_user_identity (#5544)
  • Enigma: Fix PHP fatal error when decrypting a message with invalid signature (#5555)
  • Fix adding images to new identity signatures
  • Fix rsync error handling in installto.sh script (#5562)
  • Fix some advanced search issues with multiple addressbooks (#5572)
  • Fix so group/addressbook selection is retained on page refresh

RELEASE 1.2.4

  • Managesieve: Fix handling of scripts with nested rules (#5540)
  • Managesieve: Fix parser issue with empty lines between comments (#5657)
  • Managesieve: Fix possible defect in handling \r\n in scripts (#5685)
  • Enigma: Fix handling of messages with nested PGP encrypted parts (#5634)
  • Enigma: Fix PHP fatal error when decrypting a message with invalid signature (#5555)
  • Enigma: Fix missing require statement for Crypt_GPG_KeyGenerator (#5641)
  • Fix variable substitution in ldap host for some use-cases, e.g. new_user_identity (#5544)
  • Fix adding images to new identity signatures
  • Fix rsync error handling in installto.sh script (#5562)
  • Fix some advanced search issues with multiple addressbooks (#5572)
  • Fix so group/addressbook selection is retained on page refresh
  • Fix bug where image data URIs in css style were treated as evil/remote in mail preview (#5580)
  • Fix bug where external content in src attribute of input/video tags was not secured (#5583)
  • Fix PHP error on update of a contact with multiple email addresses when using PHP 7.1 (#5587)
  • Fix bug where mail content frame couldn't be reset in some corner cases (#5608)
  • Fix bug where some classic skin images were not displayed in IE/Edge (#5614)
  • Fix bug where signature couldn't be added above the quote in Firefox 51 (#5628)
  • Fix regression where groups with email address were resolved to its members' addresses
  • Fix update of group name in the contacts list header on group rename (#5648)
  • Add rewrite rule to disable access to /vendor/bin folder in .htaccess (#5630)
  • Fix bug where it was too easy accidentally move a folder when using the subscription checkbox (#5655)
  • Fix XSS issue in handling of a style tag inside of an svg element (CVE-2017-6820)

RELEASE 1.2.3

  • Searching in both contacts and groups when LDAP addressbook with group_filters option is used
  • Fix vulnerability in handling of mail()'s 5th argument
  • Fix To: header encoding in mail sent with mail() method (#5475)
  • Fix flickering of header topline in min-mode (#5426)
  • Fix bug where folders list would scroll to top when clicking on subscription checkbox (#5447)
  • Fix decoding of GB2312/GBK text when iconv is not installed (#5448)
  • Fix regression where creation of default folders wasn't functioning without prefix (#5460)
  • Enigma: Fix bug where last records on keys list were hidden (#5461)
  • Enigma: Fix key search with keyword containing non-ascii characters (#5459)
  • Fix bug where deleting folders with subfolders could fail in some cases (#5466)
  • Fix bug where IMAP password could be exposed via error message (#5472)
  • Fix bug where it wasn't possible to store more that 2MB objects in memcache/apc, Added memcache_max_allowed_packet and apc_max_allowed_packet settings (#5452)
  • Fix "Illegal string offset" warning in rcube::log_bug() on PHP 7.1 (#5508)
  • Fix storing "empty" values in rcube_cache/rcube_cache_shared (#5519)
  • Fix missing content check when image resize fails on attachment thumbnail generation (#5485)
  • Fix displaying attached images with wrong Content-Type specified (#5527)

RELEASE 1.2.2

  • Enigma: Add possibility to configure gpg-agent binary location (enigma_pgp_agent)
  • Enigma: Fix signature verification with some IMAP servers, e.g. Gmail, DBMail (#5371)
  • Enigma: Make recipient key searches case-insensitive (#5434)
  • Fix regression in resizing JPEG images with Imagick (#5376)
  • Managesieve: Fix parsing of vacation date-time with non-default date_format (#5372)
  • Use SymLinksIfOwnerMatch in .htaccess instead of FollowSymLinks disabled on some hosts for security reasons (#5370)
  • Wash position:fixed style in HTML mail for better security (#5264)
  • Fix bug where memcache_debug didn't work for session operations
  • Fix bug where Message-ID domain part was tied to username instead of current identity (#5385)
  • Fix bug where blocked.gif couldn't be attached to reply/forward with insecure content
  • Fix E_DEPRECATED warning when using Auth_SASL::factory() (#5401)
  • Fix bug where names of downloaded files could be malformed when derived from the message subject (#5404)
  • Fix so "All" messages selection is resetted on search reset (#5413)
  • Fix bug where folder creation could fail if personal namespace contained more than one entry (#5403)
  • Fix error causing empty INBOX listing in Firefox when using an URL with user:password specified (#5400)
  • Fix PHP warning when handling shared namespace with empty prefix (#5420)
  • Fix so folders list is scrolled to the selected folder on page load (#5424)
  • Fix so when moving to Trash we make sure the folder exists (#5192)
  • Fix displaying size of attachments with zero size
  • Fix so "Action disabled" error uses more appropriate 404 code (#5440)

RELEASE 1.2.1

  • Update TinyMCE to version 4.3.13 (#5309)
  • Fix bug where errors could have been not logged when per_user_logging=true
  • Fix bug where message list columns could be in wrong order after column drag-n-drop and list sorting
  • Fix so minified publickey.js (with cache-buster) is used when available (#5254)
  • Fix (replace) application/x-tar file extension test as it might not exist in nginx config (#5253)
  • Fix PHP warning when password_hosts is set, but is not an array (#5260)
  • Fix redundant keep-alive requests when session_lifetime is greater than ~20000 (#5273)
  • Fix so subfolders of INBOX can be set as Archive (#5274)
  • Fix bug where multi-folder search could choose a wrong folder in "this and subfolders" scope (#5282)
  • Fix bug where multi-folder search didn't work for unsubscribed INBOX (#5259)
  • Fix bug where "no body" alert could be displayed when sending mailvelope email
  • Enigma: Fix keys import from inside of an encrypted message (#5285)
  • Enigma: Fix malformed signed messages with force_7bit=true (#5292)
  • Enigma: Add possibility to configure gpg binary location (enigma_pgp_binary)
  • Enigma: Add possibility to export private keys (#5321)
  • Fix searching by email address in contacts with multiple addresses (#5291)
  • Fix handling of --delete argument in moduserprefs.sh script (#5296)
  • Workaround PHP issue by calling closelog() on script shutdown when using log_driver=syslog (#5289)
  • Fix so upgrade script makes sure program/lib directory does not contain old libraries (#5287)
  • Fix subscription checkbox state on error in folder subscribe/unsubscribe action (#5243)
  • Fix bug where microsecond format in logged date didn't work in some cases
  • Fix conflict in new_user_dialog and password_force_new_user settings (#5275)
  • Don't create multipart/alternative messages with empty text/plain part (#5283)
  • Use contact_search_name format in popup on results in compose contacts search
  • Fix handling of 'mailto' and 'error' arguments in message_before_send hook (#5347)
  • Fix missing localization of HTML editor when assets_dir != INSTALL_PATH
  • Fix handling of blockquote tags with mixed case on html2text conversion (#5363)
  • Fix javascript errors in IE on page with iframe that points to another domain

RELEASE 1.2.0

  • Enigma: Added enigma_debug option
  • Fix message list multi-select/deselect issue (#5219)
  • Fix bug where getting HTML editor content could steal focus from other form controls (#5223)
  • Fix bug where contact search menu fields where always unchecked in Larry skin
  • Fix autoloading of 'html' class
  • Fix bug where Encrypt button appears when switching editor to HTML (#5235)
  • Fix XSS issue in href attribute on area tag [CVE-2016-4552] (#5240)

RELEASE 1.2-rc

  • Managesieve: Refactored script parser to be 100x faster
  • Enigma: added option to force users to use signing/encryption
  • Enigma: Added option to attach public keys to sent mail (#5152)
  • Enigma: Handle messages with text before an encrypted block (#5149)
  • Enigma: Handle encrypted/signed content inside message/rfc822 attachments
  • Enigma: Fix missing html/plain switch on multipart/signed messages (#4963)
  • Enigma: Disable format=flowed for signed plain text messages (#4960)
  • Enigma: Fix handling of encrypted + signed messages (#4950)
  • Enigma: Fix invalid boundary use in signed messages structure
  • Enable use of TLSv1.1 and TLSv1.2 for IMAP (#4955)
  • Save copy of original .htaccess file when using installto.sh script (#4947)
  • Fix regression where some message attachments could be missing on edit/forward (#4939)
  • Fix regression in displaying contents of message/rfc822 parts (#4937)
  • Fix handling of message/rfc822 attachments on replies and forwards (#4938)
  • Fix PDF support detection in Firefox > 19 (#4941)
  • Fix path traversal vulnerability in setting a skin [CVE-2015-8770] (#4945)
  • Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#4944)
  • Fix .htaccess rewrite rules to not block .well-known URIs (#4943)
  • Fix mail view scaling on iOS (#4915)
  • Fix PHP7 warning "session_start(): Session callback expects true/false return value" (#4948)
  • Fix XSS issue in SVG images handling (#4949)
  • Fix missing language name in "Add to Dictionary" request in HTML mode (#4951)
  • Fix (again) security issue in DBMail driver of password plugin (CVE-2015-2181) (#4958)
  • Fix bug where Archive/Junk buttons were not active after page jump with select=all mode (#4961)
  • Fix bug in long recipients list parsing for cases where recipient name contained @-char (#4964)
  • Plugin API: Added addressbook_export hook
  • Fix additional_message_headers plugin compatibility with Mail_Mime >= 1.9 (#4966)
  • Hide DSN option in Preferences when smtp_server is not used (#4967)
  • Fix handling of body parameter in mail compose request
  • Protect download urls against CSRF using unique request tokens (#4957)
  • newmail_notifier: Refactor desktop notifications
  • Fix so contactlist_fields option can be set via config file
  • Fix so SPECIAL-USE assignments are forced only until user sets special folders (#4782)
  • Fix performance in reverting order of THREAD result
  • Fix converting mail addresses with @www. into mailto links (#5197)

RELEASE 1.2-beta

  • Update TinyMCE to version 4.2
  • Remove backward compatibility "layer" of bc.php (#4902)
  • Add possibility to define date format in write operations for ldap attributes (#3956)
  • Display attachment size in compose (#1329)
  • Added possibility to drag-n-drop attachments from mail preview to compose window
  • Implemented mail messages searching with predefined date interval
  • PGP encryption support via Mailvelope integration
  • PGP encryption support via Enigma plugin
  • PHP7 compatibility fixes (#4836)
  • Security: Added brute-force attack prevention via login rate limit (#4922)
  • Security: Added options to validate username/password on logon (#4884)
  • Security: Improve randomness of security tokens (#4899)
  • Security: Use random security tokens instead of hashes based on encryption key (#4829)
  • Security: Improved encrypt/decrypt methods with option to choose the cipher_method (#4492)
  • Make optional adding of standard signature separator - sig_separator (#3276)
  • Optimize folder_size() on Cyrus IMAP by using special folder annotation (#4894)
  • Make optional hidding of folders with name starting with a dot - imap_skip_hidden_folders (#4870)
  • Add option to enable HTML editor always, except when replying to plain text messages (#4352)
  • Emoticons: Added option to switch on/off emoticons in compose editor (#2076)
  • Emoticons: Added option to switch on/off emoticons in plain text messages
  • Emoticons: All emoticons-related functionality is handled by the plugin now
  • Installer: Add button to save generated config file in system temp directory (#3553)
  • Remove common subject prefixes Re:, Re[x]:, Re-x: on reply (#4882)
  • Added GSSAPI/Kerberos authentication plugin - krb_authentication
  • Password: Allow temporarily disabling the plugin functionality with a notice
  • Require Mbstring and OpenSSL extensions (#5166)
  • Add --config and --type options to moduserprefs.sh script (#4651)
  • Implemented memcache_debug and apc_debug options
  • Installer: Remove system() function use (#4695)
  • Password plugin: Added 'kpasswd' driver by Peter Allgeyer
  • Add initdb.sh to create database from initial.sql script with prefix support (#4722)
  • Plugin API: Added disabled_plugins an disabled_buttons options in html_editor hook
  • Plugin API: Added message_part_body hook
  • Plugin API: Added message_ready hook
  • Plugin API: Add special onload() method to execute plugin actions before startup (session and GUI initialization)
  • Implemented UI element to jump to specified page of the messages list (#1677)
  • Fix searching of contacts to allow remote images for known senders (#4886)
  • Fix bug where clicking date column with 'arrival' sorting would switch to sorting by 'date' (#4690)
  • Fix bug where message content could overlap attachments list in Larry skin (#4876)
  • Fix so microseconds macro (u) in log_date_format works (#4855)
  • Fix so unrecognized TNEF attachments are displayed on the list of attachments (#5138)

RELEASE 1.1.5

  • Plugin API: Added html2text hook
  • Plugin API: Added addressbook_export hook
  • Fix missing emoticons on html-to-text conversion
  • Fix random "access to this resource is secured against CSRF" message at logout (#4956)
  • Fix missing language name in "Add to Dictionary" request in HTML mode (#4951)
  • Enable use of TLSv1.1 and TLSv1.2 for IMAP (#4955)
  • Fix XSS issue in SVG images handling (#4949)
  • Fix (again) security issue in DBMail driver of password plugin (CVE-2015-2181) (#4958)
  • Fix bug in long recipients list parsing for cases where recipient name contained @-char (#4964)
  • Fix additional_message_headers plugin compatibility with Mail_Mime >= 1.9 (#4966)
  • Hide DSN option in Preferences when smtp_server is not used (#4967)
  • Protect download urls against CSRF using unique request tokens (#4957)
  • newmail_notifier Plugin: Refactored desktop notifications
  • Fix so contactlist_fields option can be set via config file
  • Fix so SPECIAL-USE assignments are forced only until user sets special folders (#4782)
  • Fix performance in reverting order of THREAD result
  • Fix converting mail addresses with @www. into mailto links (#5197)

RELEASE 1.1.4

  • Add workaround for https://bugs.php.net/bug.php?id=70757 (#4931)
  • Fix duplicate messages in list and wrong count after delete (#4925)
  • Fix so Installer requires PHP5
  • Make brute force attacks harder by re-generating security token on every failed login (#4913)
  • Slow down brute-force attacks by waiting for a second after failed login (#4913)
  • Fix .htaccess rewrite rules to not block .well-known URIs (#4943)
  • Fix mail view scaling on iOS (#4915)
  • Fix so database_attachments::cleanup() does not remove attachments from other sessions (#4907)
  • Fix responses list update issue after response name change (#4917)
  • Fix bug where message preview was unintentionally reset on check-recent action (#4921)
  • Fix bug where HTML messages with invalid/excessive css styles couldn't be displayed (#4905)
  • Fix redundant blank lines when using HTML and top posting (#4927)
  • Fix redundant blank lines on start of text after html to text conversion (#4928)
  • Fix HTML sanitizer to skip in output (#4932)
  • Fix invalid LDAP query in ACL user autocompletion (#4934)
  • Fix regression in displaying contents of message/rfc822 parts (#4937)
  • Fix handling of message/rfc822 attachments on replies and forwards (#4938)
  • Fix PDF support detection in Firefox > 19 (#4941)
  • Fix path traversal vulnerability (CWE-22) in setting a skin (#4945)
  • Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#4944)

RELEASE 1.1.3

  • Fix closing of nested menus (#4854)
  • Fix so E_DEPRECATED errors from PEAR libs are ignored by error_reporting change (#4770)
  • Fix compatibility with PHP 5.3 in rcube_ldap class (#4842)
  • Get rid of Mail_mimeDecode package dependency (#4836)
  • Fix "Importing..." message does not hide on error (#4840)
  • Fix SQL error on logout when using session_storage=php (#4839)
  • Update to jQuery 2.1.4 (#5165)
  • Fix Compose action in addressbook for results from multiple addressbooks (#4834)
  • Fix bug where some messages in multi-folder search couldn't be viewed/printed/downloaded (#4843)
  • Fix unintentional messages list page change on page switch in compose addressbook (#4844)
  • Fix race-condition in saving user preferences and loading plugin config (#4845)
  • Fix so plain text signature field uses monospace font (#4848)
  • Fix so links with href == content aren't added to links list on html to text conversion (#4847)
  • Fix handling of non-break spaces in html to text conversion (#4849)
  • Fix self-reply detection issues (#4852)
  • Fix multi-folder search result sorting by arrival date (#4858)
  • Fix so *-request@ addresses in Sender: header are also ignored on reply-all (#4860)
  • Update to TinyMCE 4.1.10 (#5164)
  • Fix draft removal after a message is sent and storing sent message is disabled (#4869)
  • Fix so imap folder attribute comparisons are case-insensitive (#4868)
  • Fix bug where new messages weren't added to the list in search mode
  • Fix wrong positioning of message list header on page scroll in Webkit browsers (#4646)
  • Fix some javascript errors in rare situations (#4853)
  • Fix error when using back button after sending an email (#4628)
  • Fix removing signature when switching to identity with an empty sig in HTML mode (#4872)
  • Disable links list generation on html-to-text conversion of identities or composed message (#4850)
  • Fix "washing" of style elements wrapped into many lines
  • Fix so input field (e.g. search box) does not loose focus on list load (#4862)
  • Fix minor XSS issue in drag-n-drop file uploads (#4900)

RELEASE 1.1.2

  • Add new plugin hook 'identity_create_after' providing the ID of the inserted identity (#4807)
  • Add option to place signature at bottom of the quoted text even in top-posting mode [sig_below]
  • Fix handling of %-encoded entities in mailto: URLs (#4799)
  • Fix zipped messages downloads after selecting all messages in a folder (#4797)
  • Fix vpopmaild driver of password plugin
  • Fix PHP warning: Non-static method PEAR::setErrorHandling() should not be called statically (#4798)
  • Fix tables listing routine on mysql and postgres so it skips system or other database tables and views (#4796)
  • Fix message list header in classic skin on window resize in Internet Explorer (#4732)
  • Fix so text/calendar parts are listed as attachments even if not marked as such (#4795)
  • Fix lack of signature separator for plain text signatures in html mode (#4802)
  • Fix font artifact in Google Chrome on Windows (#4803)
  • Fix bug where forced extwin page reload could exit from the extwin mode (#4801)
  • Fix bug where some unrelated attachments in multipart/related message were not listed (#4805)
  • Fix mouseup event handling when dragging a list record (#4808)
  • Fix bug where preview_pane setting wasn't always saved into user preferences (#4809)
  • Fix bug where messages count was not updated after message move/delete with skip_deleted=false (#4814)
  • Fix security issue in contact photo handling (#4817)
  • Fix possible memcache/apc cache data consistency issues (#4820)
  • Fix bug where imap_conn_options were ignored in IMAP connection test (#4822)
  • Fix bug where some files could have "executable" extension when stored in temp folder (#4815)
  • Fix attached file path unsetting in database_attachments plugin (#4823)
  • Fix issues when using moduserprefs.sh without --user argument (#4825)
  • Fix potential info disclosure issue by protecting directory access (#4816)
  • Fix blank image in html_signature when saving identity changes (#4833)
  • Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#4827)
  • Fix XSS vulnerability in _mbox argument handling (#4837)

RELEASE 1.1.1

  • ACL: Allow other plugins to adjust the list of permissions and groups to edit
  • Add possibility to print contact information (of a single contact)
  • Add possibility to configure max_allowed_packet value for all database engines (#4772)
  • Improved handling of storage errors after message is sent
  • Update to TinyMCE 4.1.9
  • Unified request* event arguments handling, added support for _unlock and _action parameters
  • Security: Generate random hash for the per-user local storage prefix (#4768)
  • Fix refreshing of drafts list when sending a message which was saved in meantime (#4745)
  • Fix saving/sending emoticon images when assets_dir is set
  • Fix PHP fatal error when visiting Vacation interface and there's no sieve script yet (#4778)
  • Fix setting max packet size for DB caches and check packet size also in shared cache
  • Fix needless security warning on BMP attachments display (#4771)
  • Fix handling of some improper constructs in format=flowed text as per the RFC3676[4.5] (#4773)
  • Fix performance of rcube_db_mysql::get_variable()
  • Fix missing or not up-to-date CATEGORIES entry in vCard export (#4766)
  • Fix fatal errors on systems without mbstring extension or mb_regex_encoding() function (#4769)
  • Fix cursor position on reply below the quote in HTML mode (#4759)
  • Fix so "over quota" errors are displayed also in message compose page
  • Fix duplicate entries supression in autocomplete result (#4776)
  • Fix "Non-static method PEAR::isError() should not be called statically" errors (#4770)
  • Fix parsing invalid HTML messages with BOM after <!DOCTYPE> (#4777)
  • Fix duplicate entry on timezones list in rcube_config::timezone_name_from_abbr() (#4779)
  • Fix so localized folder name is displayed in multi-folder search result (#4750)
  • Fix javascript error after creating a folder which is a subfolder of another one (#4781)
  • Fix bug where subject of sent/saved message was removed if mbstring wasn't installed (#4780)
  • Fix missing vcard_attachment icon on messages list (#4783)
  • Fix storing signatures with big images in MySQL database (#4785)
  • Fix Opera browser detection in javascript (#4786)
  • Fix so search filter, scope and fields are reset on folder change
  • Fix rows count when messages search fails (#4760)
  • Fix bug where spellchecking in HTML editor do not work after switching editor type more than once (#4789)
  • Fix bug where TinyMCE area height was too small on slow network connection (#4788)
  • Fix backtick character handling in sql queries (#4790)
  • Fix redirect URL for attachments loaded in an iframe when behind a proxy (#4724)
  • Fix menu container references to point to the actual <ul> element (#4791)
  • Fix javascripts errors in IE8 - lack of Event.which, focusing a hidden element (#4793)

RELEASE 1.1.0

  • Make SMTP error log more verbose - include server response and error code
  • Fix download options menu (added by zipdownload plugin) in classic skin (#4740)
  • Fix blocked.gif image usage with assets_dir set
  • Fix bug where max_group_members was ignored when adding a new contact (#4733)
  • Hide MDN and DSN options in compose if disabled by admin (#4735)
  • Fix checks based on window.ActiveXObject in IE > 10
  • Fix XSS issue in style attribute handling (#4739)
  • Fix bug where Drafts list wasn't updated on draft-save action in new window (#4737)
  • Fix so "set as default" option is hidden if identities_level > 1 (#4738)
  • Fix bug where search was reset after returning from compose visited for reply
  • Fix javascript error in "IE 8.0/Tablet PC" browser (#4730)
  • Fix bug where Reply-To address was ignored on reply to messages sent by self (#4742)
  • Fix bug where empty fieldmap config entries caused empty results of ldap search (#4741)
  • Fix bug where drafts list wasn't refreshed after draft message was sent from another window (#4745)
  • Fix keyboard navigation and css in datepicker widget across many Firefox versions
  • Fix false warning when opening attached text/plain files (#4748)
  • Fix bug where signature could have been inserted twice after plain-to-html switch (#4746)
  • Fix security issue in DBMail driver of password plugin (#4757)
  • Enable FollowSymLinks option in .htaccess file which is required by rewrite rules (#4754)
  • Fix so JSON.parse() errors on localStorage items are ignored (#4752)

RELEASE 1.1-RC

  • Update jQuery to version 2.1.3
  • Improve system security by using optional special URL with security token - use_secure_urls
  • Allow to define separate server/path for image/js/css files - assets_url/assets_dir
  • Sync vendor folder if exists in source package (#4700)
  • Avoid useless reloading list when resetting search with active filter (#4654)
  • Fix invalid folder selection if clicked while busy (#4709)
  • Fix import of multiple contact email addresses from Outlook-csv format (#4714)
  • Fix drag-n-drop to folders expanded while dragging (#4708)
  • Fix import of multiple contact groups from Google-csv format (#4710)
  • Fix import of contacts with multiple email addresses from Google-csv format (#4719)
  • Fix bugs where CSRF attacks were still possible on some requests
  • Fix some rcube_utils::anytodatetime() corner cases with timezone mismatches (#4712)
  • Improve move-to and contact-export button in classic skin (#4713)
  • Fix wrong icon for download button in classic skin
  • Fix bug where sent message was saved in Sent folder even if disabled by user (#4729)

RELEASE 1.1-beta

  • Fix skin path handling in plugin context (#4111)
  • Prevent memory exhaustion on image resizing with GD on Windows (#4580)
  • Add plugin hook for database table name lookups as requested in #4538
  • Added Oracle database support
  • Support contacts import in GMail CSV format
  • Added namespace filter in Folder Manager
  • Added folder searching in Folder Manager
  • Fix restoring draft messages from localStorage if editor mode differs (#4631)
  • Added config option/user preference to disable saving messages in localStorage (#4606)
  • Added config option 'imap_log_session' to enable Roundcube <-> IMAP session ID logging
  • Added config option 'log_session_id' to control the length of the session identifier in logs
  • Implemented 'storage_connected' API hook after successful IMAP login (#4638)
  • Integrate Net_LDAP3 and rcube_ldap_generic classes
  • Add option (disabled_actions) to disable UI elements/actions (#4478)
  • Support password encryption using openssl extension (#4614)
  • Create/rename groups in UI dialogs (#4592)
  • Added 'contact_search_name' option to define autocompletion entry format
  • Display quota information for current folder not INBOX only (#3442)
  • Support images in HTML signatures (#3917)
  • Display full quota information in popup (#2103, #2746)
  • Mail compose: Selecting contact inserts recipient to previously focused input - to/cc/bcc accordingly (#4487)
  • Close "no subject" prompt with Enter key (#4463)
  • Password: Add option to force new users to change their password (#2963)
  • Improve support for screen readers and assistive technology using WCAG 2.0 and WAI ARIA standards
  • Enable basic keyboard navigation throughout the UI (#3333)
  • Select/scroll to previously selected message when returning from message page (#4146)
  • Display a warning if popup window was blocked (#4472)
  • Remove (was: ...) from message subject on reply (#4359)
  • Update to TinyMCE 4.1 (#4168)
  • Enable autolink plugin in TinyMCE (#4029)
  • Support image operations with Imagick extension (#4498)
  • Support upload progress with session.upload_progress and PECL uploadprogress module (#3934)
  • Make identity name field optional (#4435)
  • Utility script to remove user records from the local database
  • Plugin API: Added message_saved hook (#4503)
  • Plugin API: Added imap_search_before hook
  • Support messages import from zip archives
  • Zipdownload: Added mbox format support (#2354)
  • Drop support for IE6, move IE7/IE8 support to legacy_browser plugin
  • Update to jQuery-2.1.1
  • Search across multiple folders (#1676)
  • Improve UI integration of ACL settings
  • Drop support for PHP < 5.3.7
  • Set In-Reply-To and References for forwarded messages (#4465)
  • Removed redundant default_folders config option (#4500)
  • Implemented IMAP SPECIAL-USE extension support [RFC6154] (#3326)
  • Optimize some framed pages content for better performance (#4517)
  • Improve text messages display and conversion to HTML (#4091)
  • Don't remove links when html signature is converted to text (#4473)
  • Fix page title when using search filter (#4636)
  • Fix mbox files import
  • Fix some character sets detection (#4694)
  • Fix so attachment charset is set in headers of forward/draft message (#4676)
  • Fix bug where wrong charset could be used for text attachment preview page (#4674)
  • Fix setting flags on servers with no PERMANENTFLAGS response (#4667)
  • Fix regression in SHAA password generation in ldap driver of password plugin (#4670)
  • Fix displaying of HTML messages with absolutely positioned elements in Larry skin (#4672)
  • Fix font style display issue in HTML messages with styled elements (#4671)
  • Fix download of attachments that are part of TNEF message (#4668)
  • Fix handling of uuencoded messages if messages_cache is enabled (#4675)
  • Fix handling of base64-encoded attachments with extra spaces (#4678)
  • Fix handling of UNKNOWN-CTE response, try do decode content client-side (#4650)
  • Fix bug where creating subfolders in shared folders wasn't possible without ACL extension (#4680)
  • Fix reply scrolling issue with text mode and start message below the quote (#4681)
  • Fix possible issues in skin/skin_path config handling (#4689)

RELEASE 1.0.6

  • Make SMTP error log more verbose - include server response and error code
  • Fix rows count when messages search fails (#4760)
  • Fix security issue in DBMail driver of password plugin (#4757)
  • Fix handling of some improper constructs in format=flowed text as per the RFC3676[4.5] (#4773)
  • Fix missing or not up-to-date CATEGORIES entry in vCard export (#4766)
  • Fix duplicate entry on timezones list in rcube_config::timezone_name_from_abbr() (#4779)
  • Fix handling of %-encoded entities in mailto: URLs (#4799)
  • Fix bug where messages count was not updated after message move/delete with skip_deleted=false (#4814)
  • Fix security issue in contact photo handling (#4817)
  • Fix bug where database_attachments_cache setting was not working
  • Fix attached file path unsetting in database_attachments plugin (#4823)
  • Fix issues when using moduserprefs.sh without --user argument (#4825)

RELEASE 1.0.5

  • Fix bug where some valid text in a message was handled as uuencoded attachment
  • Fix wrong icon for download button in classic skin
  • Fix bug where sent message was saved in Sent folder even if disabled by user (#4729)
  • Fix checks based on window.ActiveXObject in IE > 10
  • Fix XSS issue in style attribute handling (#4739)
  • Fix bug where Drafts list wasn't updated on draft-save action in new window (#4737)
  • Fix so "set as default" option is hidden if identities_level > 1 (#4738)
  • Fix bug where search was reset after returning from compose visited for reply
  • Fix javascript error in "IE 8.0/Tablet PC" browser (#4730)
  • Fix bug where empty fieldmap config entries caused empty results of ldap search (#4741)

RELEASE 1.0.4

  • Disable TinyMCE contextmenu plugin as there are more cons than pros in using it (#4684)
  • Fix bug where show_real_foldernames setting wasn't honored on compose page (#4705)
  • Fix issue where Archive folder wasn't protected in Folder Manager (#4706)
  • Fix compatibility with PHP 5.2. in rcube_imap_generic (#4682)
  • Fix setting flags on servers with no PERMANENTFLAGS response (#4667)
  • Fix regression in SHAA password generation in ldap driver of password plugin (#4670)
  • Fix displaying of HTML messages with absolutely positioned elements in Larry skin (#4672)
  • Fix font style display issue in HTML messages with styled elements (#4671)
  • Fix download of attachments that are part of TNEF message (#4668)
  • Fix handling of uuencoded messages if messages_cache is enabled (#4675)
  • Fix handling of base64-encoded attachments with extra spaces (#4678)
  • Fix handling of UNKNOWN-CTE response, try do decode content client-side (#4650)
  • Fix bug where creating subfolders in shared folders wasn't possible without ACL extension (#4680)
  • Fix reply scrolling issue with text mode and start message below the quote (#4681)
  • Fix possible issues in skin/skin_path config handling (#4689)
  • Fix lack of delimiter for recipient addresses in smtp_log (#4703)
  • Fix generation of Blowfish-based password hashes (#4721)
  • Fix bugs where CSRF attacks were still possible on some requests

RELEASE 1.0.3

  • Fix insert-signature command in external compose window if opened from inline compose screen (#4663)
  • Initialize HTML editor before restoring a message from localStorage (#4631)
  • Add 'sig_max_lines' config option to default config file (#5162)
  • Add option to specify IMAP connection socket parameters - imap_conn_options (#4589)
  • Add option to set default message list mode - default_list_mode (#3157)
  • Enable contextmenu plugin for TinyMCE editor (#3062)
  • Fix some mime-type to extension mapping checks in Installer (#4610)
  • Fix errors when using localStorage in Safari's private browsing mode (#4619)
  • Fix bug where $Forwarded flag was being set even if server didn't support it (#4621)
  • Fix various iCloud vCard issues, added fallback for external photos (#4617)
  • Fix invalid Content-Type header when send_format_flowed=false (#4616)
  • Fix errors when adding/updating contacts in active search (#4630)
  • Fix incorrect thumbnail rotation with GD and exif orientation data (#4641)
  • Fix contacts list update after adding/deleting/moving a contact (#4640, #4644)
  • Fix handling of email addresses with quoted domain part (#4647)
  • Fix comm_path update on task switch (#4648)
  • Fix error in MSSQL update script 2013061000.sql (#4658)
  • Fix validation of email addresses with IDNA domains (#4661)

RELEASE 1.0.2

  • Fix storing unsaved drafts in localStorage (#4529)
  • Fix redundant horizontal scrollbar in HTML editor (#4591)
  • Fix PHP error in Preferences when default_folders was in dont_override (#4581)
  • Add configurable LDAP_OPT_DEREF option (#4546)
  • Fix unintentional draft autosave request if autosave is disabled (#4550)
  • Fix malformed References: header in send/saved mail (#4552)
  • Fix handling unicode characters in links (#4555)
  • Fix incorrect handling of HTML comments in messages sanitization code (#4558)
  • Fix so current page is reset on list-mode change (#4561)
  • Fix so responses menu hides on click in classic skin (#4566)
  • Fix unintentional line-height style modification in HTML messages (#4567)
  • Fix broken normalize_string(), add support for ISO-8859-2 (#4568)
  • Support csv contacts import in German localization (#4570)
  • Fix so message list and counters are updated when a message is opened in new window (#4569)
  • Fix malformed recipient name when composing a message by clicking on mailto link (#4583)
  • Fix list reload after sending message in another window (#4576)
  • Fix so address format errors are ignored when saving a draft (#4594)
  • Fix incorrect label translation in return receipt (#4598)
  • Fix security issue in delete-response action - allow only ajax request
  • Fix Delete button state after deleting identity/response (#4603)
  • Fix bug where contacts with no email address were listed on compose addressbook (#4602)
  • Fix images import from various vCard formats (#4604)
  • Fix sorting messages by size on servers without SORT capability (#4608)

RELEASE 1.0.1

  • Support 'error' and 'body_file' return attribs in 'message_before_send' hook (#4467)
  • Apply user-specific replacements to group's base_dn property (#4512)
  • Fix missing email address when importing contacts from outlook csv (#4535)
  • Fix bug where "With attachment" option in search filter wasn't selected after return from mail view (#4508)
  • Fix "washing" of unicoded style attributes (#4510)
  • Fix unintentional redirect from compose page in Webkit browsers (#4516)
  • Fix messages index cache update under some conditions (e.g. proxy) (#4505)
  • Fix lack of translation of special folders in some configurations (#4520)
  • Fix XSS issue in plain text spellchecker (#4524)
  • Fix invalid page title for some folders (1489804)
  • Fix redundant alert message on over-size uploads (#4528)
  • Fix next message display after removing a message (#4521)
  • Fix missing Mail-Followup-To header in sent mail (#4534)
  • Fix error when spell-checking an empty text (#4536)
  • Avoid popupmenus being closed when scrollbar is clicked (#4537)
  • Add proxy_whitelist configuration option (#4496)
  • Fix identities_level=4 handling in new_user_dialog plugin (#4540)
  • Fix various db_prefix issues (#4539)
  • Fix too small length of users.preferences column data type on MySQL
  • Fix redundant warning when switching from html to text in empty editor (#4530)
  • Fix invalid host validation on login (#4541)
  • Fix IMAP connection test in installer so it is aware of imap_auth_type (#4502)

RELEASE 1.0.0

  • Fix style of disabled protocol handler link on IE (#4460)
  • Fix message import dialog when no file is selected (#4488)
  • Fix opening compose screen in new window after saving as draft (#4479)
  • Added toolbar button to move message in message view
  • Fix directories check in Installer on Windows (#4462)
  • Fix issue when default_addressbook option is set to integer value (#4379)
  • Fix Opera > 15 detection (#4455)
  • Fix security issue in DomainFactory driver of Password plugin
  • Fix invalid X-Draft-Info on forwarded message draft (#4464)
  • Fix regression in handling of 'attachments' result in message_compose hook (#4474)
  • Fix issue where msgexport.sh printed the message to STDOUT instead of a file (#4476)
  • Fix fatal error in database_attachments plugin under some conditions (#4495)

RELEASE 1.0-RC

  • Small CSS fix with message notice boxes in Larry skin (#4429)
  • Include groups in contacts search on mail compose (#4186)
  • Add mime-type mapping for .7z files (#4436)
  • Invoke update scripts with php to circumvent execution restrictions (#4330)
  • Fix drag & drop message/contact moving on touch device (#4395)
  • Fix canned responses in HTML mode (#4446)
  • Check/create default folders on every login not only the first (#4391)
  • Update to jQuery-1.11.0 and jQuery-UI-1.9.2
  • Support SMTP socket context options via new config option 'smtp_conn_options'
  • Fix compatibility with PHP 5.2 in html.php file (#4438)
  • Remove expand/collapse with plus/minus keys (on numeric keypad) (#4437)
  • Fix issue where filesystem path was added to all-attachments (zip) file (#4433)
  • Fix case-sensitivity of email addresses handling on compose (#1899)
  • Don't alter Message-ID of a draft when sending (#4381)
  • Fix issue where deprecated syntax for HTML lists was not handled properly (#3975)
  • Display different icons when Trash folder is empty or full (#2108)
  • Remember last position of more headers switch (#3660)
  • Fix so message flags modified by another client are applied on the list on refresh (#1639)
  • Fix broken text/* attachments when forwarding/editing a message (#4393)
  • Improved minified files handling, added css minification (#3041)
  • Fix handling of X-Forwarded-For header with multiple addresses (#4424)
  • Fix border issue on folders list in classic skin (#4419)
  • Implemented menu actions to copy/move messages, added folder-selector widget (#863)
  • Fix security rules in .htaccess preventing access to base URL without the ending slash (#4422)
  • Fix regression where only first new folder was placed in correct place on the list (#4418)
  • Fix issue where children of selected and collapsed thread were skipped on various actions (#4410)
  • Fix issue where groups were not deleted when "Replace entire addressbook" option on contacts import was used (#4388)
  • Fix unreliable mimetype tests in Installer (#4408)
  • Fix performance of listing writeable folders (#4406)

RELEASE 1.0-beta

  • Fix handling of invalid closing tags in HTML messages (#4403)
  • Set real content-type for file downloads (#4400)
  • Update TinyMCE to version 3.5.10 (#4401)
  • Fix keyboard navigation in list widgets (#4367)
  • Allow plugins to grab the reference of opened windows (#4383)
  • Larry skin: Improved status message display for better visibility (#4115)
  • Fix Internet Explorer 11 detection (#4397)
  • Fix date column width to fit the widest possible date format (#4354)
  • Move certain user preference options to a collapsed "advanced" block (#4015)
  • Add file type icons for Powerpoint and Open Office presentations (#4269)
  • Fix operations on folders with trailing spaces in name (#4387)
  • Improve identity selection based on From: header (#4360)
  • Fix issue where mails with inline images of the same name contained only the first image multiple times (#4378)
  • Use left/right arrow keys to collapse/expand thread and spacebar to select a row, change Ctrl key behavior (#4367)
  • Fix an issue where using arrow keys to go up a list can result in selected message being under headers (#4375)
  • Fix an issue where Home/End keys don't focus list row properly, don't scrollTo properly (#4370)
  • Add an option to disable smart Reply-List behaviour - reply_all_mode (#3953)
  • Fix an issue where pressing minus key on contacts list was hiding list records (#4368)
  • Fix an issue where shift + arrow-up key wasn't selecting all messages in collapsed thread (#4371)
  • Added icon for priority column in messages list header (#4275)
  • New feature "Canned Responses" to save and recall boilerplate text snippets
  • Fix HTML part detection when encapsulated inside multipart/signed (#4357)
  • Add spellchecker backend for the After the Deadline service
  • Replace markdown-style [1] link indexes in plain text email bodies
  • Improved mailto: link arguments handling (#4351)
  • Use DOMDocument LIBXML_PARSEHUGE and LIBXML_COMPACT options if possible (#4316)
  • Support HTTP_HOST, SERVER_NAME and SERVER_ADDR values in include_host_config feature
  • Make default font size for HTML messages configurable (request #118)
  • Fix XSS issue in addressbook group name field [CVE-2013-5646] (#4337)
  • After message is sent refresh messages list of replied message folder (#4282)
  • Add option force specified domain in user login - username_domain_forced (#4290)
  • Add option to import Vcards with group assignments
  • Save groups membership in Vcard export (#3801)
  • Workaround broken PHP function timezone_name_from_abbr (#4289)
  • Make cached message size limit configurable - messages_cache_threshold (#4326)
  • Log also failed logins to userlogins log
  • Add temp_dir_ttl configuration option (#4318)
  • Allow setting INBOX as Sent folder (#4264)
  • Fix replacement variables in user-specific base_dn in some LDAP requests (#4299)
  • Fix image scaling issues when image has only one dimension smaller than the limit (#4296)
  • Fix issue where uploaded photo was lost when contact form did not validate (#4296)
  • Move identity selection based on non-standard headers into (new) identity_select plugin (#3835)
  • Fix downloading binary files with (wrong) text/* content-type (#4292)
  • Respect HTTP_X_FORWARDED_FOR and HTTP_X_REAL_IP variables for session IP check
  • Simplified configuration by merging it into one file + defaults (#3156)
  • Make message list header stay on top when scrolling (#353)
  • Add support for 'enchant' spellcheck engine
  • Check filetype detection in installer and update script (#4252)
  • Fix folder names truncation in Classic skin (#4265)
  • Make possible to disable some (broken) IMAP extensions with imap_disable_caps option (#4245)
  • Contacts drag-n-drop default action is to move contacts (#3962)
  • Added possibility to choose to move or copy contacts from drag-n-drop menu (#3962)
  • Fix Close link and remove About link on error pages (#4201)
  • Improved/unified attachment preview screen, added print button
  • Fix lack of space between searchfiler and quicksearchbar in Larry skin (#4233)
  • Cache LDAP's user_specific search and use vlv for better performance (#4247)
  • LDAP: auto-detect and use VLV indices for all search operations
  • LDAP: additional group configuration options for address books
  • LDAP: separated address book implementation from a generic LDAP wrapper class
  • Allow address books to browse a multi-level group hierarchy in the contacts list
  • Fix session issues when local and database time differs (#2401)
  • Fix thread cache syncronization/validation (#4150)
  • Added feature to import messages to the currently selected folder
  • Add option show_real_foldernames to disable localization of special folders
  • Fix database cache expunge issues (#4229)
  • Fix date format issues on MS SQL Server (#4078)
  • Add imap_cache_ttl option to configure TTL of imap_cache
  • Make LDAP cache engine configurable via ldap_cache and ldap_cache_ttl options
  • Fix "duplicate entry" errors on inserts to imap cache tables (#4228)
  • Improved handling of Reply-To/Bcc addresses of identity in compose form (#4142)
  • Added user preference to open all popups as standard windows
  • Implemented shared cache (rcube_cache_shared)
  • Change Reply-All button label/title when mailing list is detected (#4092)
  • Fix SMTP connection using IPv6 address in smtp_server option (#4147)
  • Added attachment_reminder plugin
  • Make PHP code eval() free, use create_function()
  • Add option to display email address together with a name in mail preview (#3952)
  • Support CSV import from Atmail (#4161)
  • Add db_prefix configuration option in place of db_table_/db_sequence_ options
  • Make possible to use db_prefix for schema initialization in Installer (#4175)
  • Fix updatedb.sh script so it recognizes also table prefix for external DDL files
  • Fix parsing invalid date string (#4155)
  • Add "with attachment" option to messages list filter (#1795)
  • Call resize handler in intervals to prevent lags and double onresize calls in Chrome (#4137)
  • Add rel="noreferrer" for links in displayed messages (#4976)
  • Add ability to toggle between HTML and text while viewing a message (#3005)
  • Remove "HTML message" from attachments list while viewing a message in text mode (#3005)
  • Support IMAP MOVE extension [RFC 6851]
  • Add attachment menu with Open and Download options (#4116)
  • Display user-friendly message on IMAP "over quota" errors (#914)
  • Extended archive plugin with user-configurable options to store messages into subfolders
  • Fix export of selected contacts from search result (#4070)
  • Feature to export only selected contacts from addressbook (by Phil Weir)

RELEASE 0.9.5

  • Fix failing vCard import when email address field contains spaces (#4363)
  • Fix default spell-check configuration after Google suspended their spell service
  • Fix vulnerability in handling _session argument of utils/save-prefs (#4362)
  • Fix iframe onload for upload errors handling (#4361)
  • Fix address matching in Return-Path header on identity selection (#4358)
  • Fix text wrapping issue with long unwrappable lines (#4356)
  • Fixed mispelling: occured -> occurred (#4353)
  • Fixed issues where HTML comments inside style tag would hang Internet Explorer
  • Fix setting domain in virtualmin password driver (#4336)
  • Hide Delivery Status Notification option when smtp_server is unset (#4339)
  • Display full attachment name using title attribute when name is too long to display (#4328)
  • Fix attachment icon issue when rare font/language is used (#4334)
  • Fix expanded thread root message styling after refreshing messages list (#4335)
  • Fix issue where From address was removed from Cc and Bcc fields when editing a draft (#4327)
  • Fix error_reporting directive check (#4331)
  • Fix de_DE localization of "About" label in Help plugin (#4333)

RELEASE 0.9.4

  • Make identities matching case insensitive (#1881)
  • Fix issue where too big message data was stored in cache causing sql errors (#4325)
  • Fix iframe scrollbars on webkit desktop browsers (#4319)
  • Fix issue where legacy config was overriden by default config (#4305)
  • Fix newmail_notifier issue where favicon wasn't changed back to default (#4324)
  • Fix setting of Junk and NonJunk flags by markasjunk plugin (#4303)
  • Fix lack of Reply-To address in header of forwarded message body (#4314)
  • Fix bugs when invoking contact creation form when read-only addressbook is selected (#4313)
  • Fix identity selection on reply (#4308)
  • Fix so additional headers are added to all messages sent (#4302)
  • Fix display issue after moving folder in Folder Manager (#4310)
  • Fix handling of non-default date formats (#4311)
  • Fix unquoted path in PREG expression on Windows (#4307)
  • Fix Junk folder icon alignment when it's nested in inbox folder (#4309)
  • Fix wrong close tag in /template/mail.html (#4312)

RELEASE 0.9.3

  • Optimized UI behavior for touch devices
  • Fix setting refresh_interval to "Never" in Preferences (#4304)
  • Fix purge action in folder manager (#4300)
  • Fix base URL resolving on attribute values with no quotes (#4297)
  • Fix wrong handling of links with '|' character (#4298)
  • Fix colorspace issue on image conversion using ImageMagick (#4294)
  • Fix XSS vulnerability when saving HTML signatures (#4283)
  • Fix XSS vulnerability when editing a message "as new" or draft (#4283)
  • Fix rewrite rule in .htaccess (#4278)
  • Fix detecting Turkish language in ISO-8859-9 encoding (#4284)
  • Fix identity-selection using Return-Path headers (#4279)
  • Fix parsing of links with ... in URL (#4251)
  • Fix compose priority selector when opening in new window (#4286)
  • Fix bug where signature wasn't changed on identity selection when editing a draft (#4272)
  • Fix IMAP SETMETADATA parameters quoting (#4274)
  • Fix "could not load message" error on valid empty message body (#4271)
  • Fix handling of message/rfc822 attachments on message forward and edit (#4262)
  • Fix parsing of square bracket characters in IMAP response strings (#4267)
  • Don't clear References and in-Reply-To when a message is "edited as new" (#4263)
  • Fix messages list sorting with THREAD=REFS
  • Remove deprecated (in PHP 5.5) PREG /e modifier usage (#4239)
  • Fix empty messages list when register_globals is enabled (#4232)
  • Fix so valid and set date.timezone is not required by installer checks (#4242)
  • Canonize boolean ini_get() results (#4249)
  • Fix so install do not fail when one of DB driver checks fails but other drivers exist (#4240)
  • Fix so exported vCard specifies encoding in v3-compatible format (#4244)

RELEASE 0.9.2

  • Fix image thumbnails display in print mode (#4220)
  • Fix height of message headers block (#4200)
  • Fix timeout issue on drag&drop uploads (#4238)
  • Fix default sorting of threaded list when THREAD=REFS isn't supported
  • Fix list mode switch to 'List' after saving list settings in Larry skin (#4236)
  • Fix error when there's no writeable addressbook source (#4235)
  • Fix zipdownload plugin issue with filenames charset (#4231)
  • Fix so non-inline images aren't skipped on forward (#4230)
  • Fix "null" instead of empty string on messages list in IE10 (#4227)
  • Fix legacy options handling
  • Fix so bounces addresses in Sender headers are skipped on Reply-All (#4140)
  • Fix bug where serialized strings were truncated in PDO::quote() (#4226)
  • Fix displaying messages with invalid self-closing HTML tags (#4223)
  • Fix PHP warning when responding to a message with many Return-Path headers (#4222)
  • Fix unintentional compose window resize (#4206)
  • Fix performance regression in text wrapping function (#4219)
  • Fix connection to posgtres db using unix socket (#4218)
  • Fix handling of comma when adding contact from contacts widget (#4199)
  • Fix bug where a message was opened in both preview pane and new window on double-click (#4212)
  • Fix fatal error when xdebug.max_nesting_level was exceeded in rcube_washtml (#4202)
  • Fix PHP warning in html_table::set_row_attribs() in PHP 5.4 (#4194)
  • Fix invalid option selected in default_font selector when font is unset (#4204)
  • Fix displaying contact with ID divisible by 100 in sql addressbook (#4211)
  • Fix browser warnings on PDF plugin detection (#4209)
  • Fix fatal error when parsing UUencoded messages (#4210)

RELEASE 0.9.1

  • Better German labels for from/to to avoid conflicts with 'sender' (#4188)
  • Fix problem where security warning was displayed for valid images with image/jpg type (#4196)
  • Fix handling of invalid email addresses in headers (#4193)
  • Fix IMAP connection issue with default_socket_timeout < 0 and imap_timeout < 0 (#4191)
  • Fix various PHP code bugs found using static analysis (#4190)
  • Fix backslash character handling on vCard import (#4189)
  • Fix csv import from Thunderbird with French localization (#4170)
  • Fix messages list focus issue in Opera and Webkit (#4169)
  • Fix Reply-To header handling in Reply-All action (#4157)
  • Fix so Sender: address is added to Cc: field on reply to all (#4140)
  • Fix so addressbook_search_mode works also for group search (#4183)
  • Fix removal of a contact from a group in LDAP addressbook (#4185)
  • Inlcude SQL query in the log on SQL error (#4172)
  • Fix handling untagged responses in IMAP FETCH - "could not load message" error (#4180)
  • Fix very small window size in Chrome (#4087)
  • Fix list page reset when viewing a message in Larry skin (#4182)
  • Fix min_refresh_interval handling on preferences save (#4179)
  • Fix PDF support detection for Firefox PDF.js (#4113)
  • Fix possible collision in generated thumbnail cache key (#4177)
  • Fix exit code on bootsrap errors in CLI mode (#4160)
  • Fix error handling in CLI mode, use STDERR and non-empty exit code (#5161)
  • Fix error when using check_referer=true
  • Fix incorrect handling of some specific links (#4171)
  • Fix incorrect handling of leading spaces in text wrapping
  • Fix unintentional messages list jumps on click in Internet Explorer (#4167)
  • Fix list of required configuration options (#4166)
  • Fix DB error when creating a new contact and a group is selected (#4164)
  • Fix handling of deprecated boolean value of reply_mode option (#4165)

RELEASE 0.9.0

  • Fix display of HTML entities in protected folder name (#4159)
  • Set minimal permissions to temp files (#4131)
  • Improve content check for embedded images without filename (#4151)
  • Fix handling of invalid characters in message headers and output (#4153)
  • Avoid race-conditions with concurrent attachment uploads (#3739)
  • Fix selecting collapsed rows on select-all (#4156)
  • Fix possible header duplicates when using additional headers (#4154)
  • Fix session issues with use_https=true (#4125)
  • Fix blockquote width in sent mail (#4152)
  • Fix keyboard events on list widgets in Internet Explorer (#4148)

RELEASE 0.9-rc2

  • Fix security issue in save-pref command
  • Remove sig_above configuration option, use reply_mode only (#4135)
  • Refresh current folder in opener window after draft save or message sent (#4132)
  • Fix saving draft just after entering compose window (#4141)
  • Fix javascript error in IE9 when loading form with placeholders into an iframe (#4138)
  • Fix handling of some conditional comment tags in HTML message (#4136)
  • Fix so forward as attachment works if additional attachment is added by message_compose hook (#4134)
  • Better handling of session errors in ajax requests (#4105)
  • Fix HTML part detection for some specific message structures (#4130)
  • Don't show fake address - phishing prevention (#4120)
  • Fix forward as attachment bug with editormode != 1 (#4129)
  • Fix LIMIT/OFFSET queries handling on MS SQL Server (#4123)
  • Fix javascript errors when working in a page opened with taget="_blank"
  • Mention SQLite database format change in UPGRADING file (#4122)
  • Increase maxlength to 254 chars for email input fields in addressbook (#4126)
  • Fix thumbnail size when GD extension is used for image resize (#4124)
  • Display notice that message is encrypted also for application/pkcs7-mime messages (#3815)

Release 0.9-rc

  • Updated translations from Transifex
  • Fix plain text spellchecker icorrect highlighting in non-ASCII text (#4114)
  • Add workaround for invalid message charset detection by IMAP servers (#4112)
  • Fix NUL characters in content-type of ms-tnef attachment (#4108)
  • Fix regression in handling LDAP contact identifiers (#4104)
  • Fix buggy error template in a frame (#4092)
  • Add addressbook widget on compose page in classic skin
  • Add search box to compose address book widget (#3710)
  • Fix login in case when default_host is an array with one element (#4085)
  • Use LDAP fallback hosts on connect + bind instead of ldap_connect() only.
  • Add config option for LDAP bind timeout (sets LDAP_OPT_NETWORK_TIMEOUT option)
  • Submit Addressbook advanced search form with Enter key (#3843)
  • Also block remote images in HTML part view (#4013)
  • Improved database schema upgrade procedure, added updatedb.sh script
  • Force autocommit mode in mysql database driver (#4068)

Release 0.9-beta

  • Fix searching by date in address book (#4058)
  • Improve charset detection by prioritizing charset according to user language (#2032)
  • Fix handling of escaped separator in vCard file (#4064)
  • Fix #countcontrols issue in IE<=8 when text is very long (#4060)
  • Add option to use envelope From address for MDN responses (#4052)
  • Add possibility to search in message body only (#3977)
  • Support "multipart/relative" as an alias for "multipart/related" type (#4057)
  • Display PGP/MIME signature attachments as "Digital Signature" (#3845)
  • Workaround UW-IMAP bug where hierarchy separator is added to the shared folder name (#4051)
  • Fix version comparisons with -stable suffix (#4050)
  • Add unsupported alternative parts to attachments list (#4046)
  • Add Compose button on message view page (#3959)
  • Display 'Sender' header in message preview
  • Plugin API: Added message_before_send hook
  • Fix contact copy/add-to-group operations on search result (#4042)
  • Use matching identity in MDN response (#4043)
  • Fix unwanted horizontal scrollbar in message preview header (#4044)
  • Fix handling of signatures on draft edit (#3996)
  • Fix so compacting of non-empty folder is possible also when messages list is empty (#4039)
  • Allow forwarding of multiple emails (#2941)
  • Fix big memory consumption of DB layer (#4037)
  • Add workaround for IE<=8 bug where Content-Disposition:inline was ignored (#4028)
  • Fix XSS vulnerability in vbscript: and data:text links handling (#4033)
  • Fix broken message/part bodies when FETCH response contains more untagged lines (#4020)
  • Fix empty email on identities list after identity update (#4018)
  • Add new identities_level: (4) one identity with possibility to edit only signature
  • Use Delivered-To and Envelope-To headers for identity selection (#4024, #3835)
  • Fix XSS vulnerability using Flash files (#4014)
  • Fix absolute positioning in HTML messages (#4007)
  • Fix cache (in)validation after setting \Deleted flag
  • Fix keybord events on messages list in opera browser (#4011)
  • Fix selection of collapsed thread rows (#3978)
  • Always save drafts with format=flowed in order to keep original line wraps (#3997)
  • Fix wrapping of quoted text with format=flowed (#3561)
  • Select default_addressbook on the list in Address Book (#3624)
  • Fix so mobile phone has TYPE=CELL in exported vCard (#4004)
  • Support contacts import from CSV file (#2605)
  • Improved keep-alive action. Now the interval is based on session_lifetime (#3799)
  • Added cross-task 'refresh' request for system state updates (#3799)
  • Renamed config options: keep_alive to refresh_interval, min_keep_alive to min_refresh_interval
  • Fix handling of text/enriched content on message reply/forward/edit
  • Option to display attached images as thumbnails below message body
  • Upgraded to jQuery 1.8.3 and jQuery UI 1.9.1
  • Add config option to automatically generate LDAP attributes for new entries
  • Add user settings to open message view and compose form in new windows (#1886)
  • Better client-side timezone detection using the jsTimezoneDetect library (#3947)
  • Add option to disable saving sent mail in Sent folder - no_save_sent_messages (#3923)
  • Fix handling dont_override with message_sort_col and message_sort_order settings (#3970)
  • Fix handling of URLs with asterisk characters (#3969)
  • Remove automatic to-lowercase conversion of usernames (#3941)
  • Plugin API: Add 'email_list' argument for identities data in user_create hook
  • Integrated zipdownload plugin to download all attachments (#617)
  • Fix HTML special characters handling in message list/header display (#3812)
  • List related text/html part as attachment in plain text mode (#3918)
  • Use IMAP BINARY (RFC3516) extension to fetch message/part bodies
  • Fix folder creation under public namespace root (#3910)
  • Fix so "Edit as new" on draft creates a new message (#3924)
  • Fix invalid error message on deleting mail from read only folder (#3929)
  • Replace data URIs of images (pasted in HTML editor) with inline attachments (#3795)
  • Remove (too big) min-width on mail screen
  • Added template object 'frame'
  • Add option to enable HTML editor on forwarding (#3807)
  • Add option to not include original message on reply, rename option top_posting to reply_mode (#1615)
  • Added session_path config option and unified cookies settings in javascript
  • Added "Undeleted" option to messages list filter
  • Rewritten test scripts for PHPUnit
  • Add new DB abstraction layer based on PHP PDO, supporting SQLite3 (#3668)
  • Removed PEAR::MDB2 package
  • Removed users.alias column, added option ('user_aliases') to use email address from identities as username (#3851)
  • Removed redundant cache.cache_id column (#3817)
  • Fix order of attachments in sent mail (#3740)
  • Fix Shift + delete button does not permanently delete messages (#3598)
  • Add Content-Length for attachments where possible (#1880)
  • Fix attachment sizes in message print page and attachment preview page (#3805)
  • Add mail attachments using drag & drop on HTML5 enabled browsers
  • Add workaround for invalid BODYSTRUCTURE response - parse message with Mail_mimeDecode package (#1966)
  • Display Tiff as Jpeg in browsers without Tiff support (#3757)
  • Don't display Pdf/Tiff/Flash attachments inline without browser support (#3757, #3394)
  • Add is_escaped attribute for html_select and html_textarea (#3782)
  • Fix issue where draft auto-save wasn't executed after some inactivity time
  • Add vCard import from multiple files at once (#3458)
  • Roundcube Framework:
    • Add possibility to replace IMAP driver with custom class
    • Add IMAP auto-connection feature, improving performance with caching enabled
    • Replace imap_init hook with storage_init (with additional 'driver' argument)
    • Improved performance by caching IMAP server's capabilities in session
    • Unified global functions naming (rcube_ prefix)
    • Better classes separation
    • Framework files moved to lib/Roundcube

Release 0.8.6

  • Fix security issue in save-pref command

Release 0.8.5

  • Fix #countcontrols issue in IE<=8 when text is very long (#4060)
  • Fix unwanted horizontal scrollbar in message preview header (#4044)
  • Add workaround for IE<=8 bug where Content-Disposition:inline was ignored (#4028)
  • Fix XSS vulnerability in vbscript: and data:text links handling (#4033)
  • Fix absolute positioning in HTML messages (#4007)
  • Fix keybord events on messages list in opera browser (#4011)
  • Fix cache (in)validation after setting \Deleted flag
  • Fix selection of collapsed thread rows (#3978)
  • Fix wrapping of quoted text with format=flowed (#3561)

Release 0.8.4

  • Fix XSS vulnerability in handling of text/enriched messages (#4000)
  • Fix handling of 'media' attribute on linked css (#3989)
  • Fix regression where unintentional page reload was done after request abort (#3999)
  • Fix excessive LFs at the end of composed message with top_posting=true (#3995)
  • Fix bug where leading blanks were stripped from quoted lines (#3994)

Release 0.8.3

  • Fix AREA links handling (#3992)
  • Fix possible HTTP DoS on error in keep-alive requests (#3983)
  • Fix compatybility with MDB2 2.5.0b4 (#3982)
  • Fix a bug where saving a message in INBOX wasn't possible
  • Fix HTML part detection in messages with attachments (#3976)
  • Fix bug where wrong words were highlighted on spell-before-send check
  • Fix scrolling quirk in email preview frame using Opera 12 (#3973)
  • Fix displaying of multipart/alternative messages with empty parts (#3961)
  • Fix Warning: htmlspecialchars(): charset `RCMAIL_CHARSET' not supported warning in Installer (#3958)
  • Fix threaded list sorting on PHP < 5.2.9 (#3960)

Release 0.8.2

  • Fix XSS vulnerability from HTTP User-Agent header (#3954)
  • Force fonts in compose fields to be all the same (#3926)
  • Add full headers view in message preview window (#3823)
  • Fix message display page issues (#3856, #3895)
  • Fix handling vCard entries with TEL;TYPE=CELL (#3949)
  • Fix error where session wasn't updated after folder rename/delete (#3928)
  • Fix PLAIN authentication for some IMAP servers (#3916)
  • Fix encoding vCard file when contains PHOTO;ENCODING=b (#3922)
  • Fix focus issue in IE when selecting message row (#3881)
  • Fix displaying all headers when they contain malformed characters (#3911)
  • Fix decoding of HTML messages with UTF-16 charset specified (#3902)
  • Fix quota capability detection so it can be overwritten by a plugin (#3903)
  • Fix identity selection on reply (#3516)
  • Fix Larry's messages list filter in IE (#3890)
  • Fix more IE issues by disabling Compat. mode with X-UA-Compatible meta tag (#3886)
  • Fix setting locales under Solaris - use additional .UTF-8 suffix (#3887)
  • Fix email address validation for addresses with IP address in domain part
  • Fix Larry skin issues in IE7 compat. mode (#3879)
  • Fix so subscribed non-existing/non-accessible shared folder can be unsubscribed

Release 0.8.1

  • Fix bug where domain name was converted to lower-case even with login_lc=false (#3859)
  • Fix lower-casing email address on replies (#3863)
  • Fix line separator in exported messages (#3866)
  • Fix XSS issue where plain signatures wasn't secured in HTML mode (#3875)
  • Fix XSS issue where href="javascript:" wasn't secured (#3875)
  • Fix impossible to create message with empty plain text part (#3873)
  • Fix stripped apostrophes when replying in plain text to HTML message (#3869)
  • Fix inactive Save search option after advanced search (#3870)
  • Fix Remove from group option is active for contact search result (#3871)
  • Disable autocapitalization in login form on iPad/iPhone (#3872)
  • Fix focus on the list when list row is clicked (#3865)
  • Added separate From and To columns apart from smart From/To column (#2970)
  • Fix fallback to Larry skin when configured skin isn't available (#3857)
  • Fix (workaround) delete operations with some versions of memcache (#3858)
  • Fix (disable) request validation for spell and spell_html actions

Release 0.8.0

  • Renamed old default skin to 'classic'. Larry is the new default skin.
  • Support connections to memcached socket file (#3848)
  • Enable TinyMCE inlinepopups plugin
  • Update to TinyMCE 3.5.6
  • Correctly escape localized labels in javascript variable (#3842)
  • Update Net_SMTP/Auth_SASL packages to fix Digest-MD5/Cram-MD5 authentication (#3846)
  • Don't add attachments content into reply/forward/draft message body (#3837)
  • Fix 'no connection' errors on page unloads (#3832)
  • Plugin API: Add 'unauthenticated' hook (#3545)
  • Show explicit error message when provided hostname is invalid (#3834)
  • Fix wrong compose screen elements focus in IE9 (#3826)
  • Fix fatal error when date.timezone isn't set (#3831)
  • Update to TinyMCE 3.5.4.1
  • Better icons with distinct shapes for priority columns (#3706)
  • Show dedicated icon for multipart/report messages (#3813)
  • Properly hide text of icon links/buttons (#3820)
  • Fix handling of unitless CSS size values in HTML message (#3821)
  • Fix removing contact photo using LDAP addressbook (#3737)
  • Fix storing X-ANNIVERSARY date in vCard format (#3816)
  • Update to Mail_Mime-1.8.5 (#3810)
  • Fix XSS vulnerability in message subject handling using Larry skin (#3809)
  • Fix handling of links with various URI schemes e.g. "skype:" (#3521)
  • Fix handling of links inside PRE elements on html to text conversion
  • Fix indexing of links on html to text conversion
  • Decode header value in rcube_mime::get() by default (#3803)
  • Fix errors with enabled PHP magic_quotes_sybase option (#3798)
  • Fix SQL query for contacts listing on MS SQL Server (#3797)
  • Fix window.resize handler on IE8 and Opera (#3758)
  • Don't let error message popups cover the login form (#3794)
  • Don't show errors when moving contacts into groups they are already in (#3788)
  • Make folders with unread messages in subfolders bold again (#2892)
  • Abbreviate long attachment file names with ellipsis (#3793)
  • Fix html2text conversion of strong|b|a|th|h tags when used in upper case
  • Add listcontrols template container in Larry skin (#3792)
  • Fix host autoselection when default_host is an array (#3790)
  • Move messages forwarding mode setting into Preferences
  • Fix HTML entities handling in HTML editor (#3780)
  • Fix listing shared folders on Courier IMAP (#3767)
Clone this wiki locally