[commits] Horde annotated tag horde_core-2.26.0 created. f22553469ce02559cf2f8dbf268c766d950b5590
Jan Schneider
jan at horde.org
Tue Sep 6 15:10:08 UTC 2016
The annotated tag "horde_core-2.26.0" has been created.
at f22553469ce02559cf2f8dbf268c766d950b5590 (tag)
tagging fa4657ad19100cb5b1154a068ce40cbfb3dc4e78 (commit)
replaces horde_mime-2.10.1
tagged by Jan Schneider
on Tue Sep 6 16:31:55 2016 +0200
-----------------------------------------------------------------------
Released Horde_Core-2.26.0.
Jan Schneider (8):
docs
[jan] Catch errors when checking one-time form tokens.
[jan] SECURITY: enable CSRF token for configuration form again (Reported by Dawid Gounski via Beyond Security's SecuriTeam Secure Disclosure program).
[jan] SECURITY: Don't render SVG images in the browser to avoid XSS attacks (Reported by Dawid Gounski via Beyond Security's SecuriTeam Secure Disclosure program).
Fix XSS with data:html links and form actions.
[jan] SECURITY: Fix XSS via data:text/html content of form action and xlink attributes (Reported by Liuzhu <fantasy7082 at hotmail.com>).
[jan] SECURITY: Add CSRF protection tokens to portal layout forms (Reported by Florian Köllich <florian.koellich at tirol.gv.at>).
Released Horde_Core-2.26.0
Michael J Rubinsky (3):
Development mode for Horde_Mime-2.10.2
Bug: 14457 These values should always be UTF-8.
Fix phpdoc.
Rob Lensen (2):
Update backends.php
Update Vfs.php
More information about the commits
mailing list