March 6, 2014
Multiple Security Improvements:
- XSS and CSRF vulnerability reduction through architectural changes
- New filters and validation rules for API calls
- New filters and validation rules for software functionality
- Corrected Webdav controller functionality
- Improved attachment and storage filename rules
- Forced download of attachments for insecure mime types
- Reduced exposure of technical error messages to end-users
Multiple Bug Fixes:
- [Storage] Icons in storage pane
- [System] Icon colours within colour themes
- [Email] Unread icon functionality for threaded messages
- [Contacts] Contact import button text
- [Email] Support for pasting multiple emails into address fields
- [Admin] Fixed selection boxes within WebAdmin
- [Calendar] Fixed calendar bug on viewing day/week/month
- [Storage] Fixed upload button bug for storage
- [Calendar] Fixed bug for event attendees in Chrome and Safari
- [Security] Spam Reporting bug
- [Email] HTML formatted message display
- [Email] Flag deletion on reply
Improvements:
- [System] Increased tooltip support
- [System] httponly cookie support
- [System] General clean up & removal of unused code
- [General] Improved multiple device synchronisation support
- [General] Updated DavSync plugin
Comments