March 6, 2014

Multiple Security Improvements:

• XSS and CSRF vulnerability reduction through architectural changes
• New filters and validation rules for API calls
• New filters and validation rules for software functionality
• Corrected Webdav controller functionality
• Improved attachment and storage filename rules
• Forced download of attachments for insecure mime types
• Reduced exposure of technical error messages to end-users

Multiple Bug Fixes:

• [Storage] Icons in storage pane
• [System] Icon colours within colour themes
• [Email] Unread icon functionality for threaded messages
• [Contacts] Contact import button text
• [Email] Support for pasting multiple emails into address fields
• [Admin] Fixed selection boxes within WebAdmin
• [Calendar] Fixed calendar bug on viewing day/week/month
• [Storage] Fixed upload button bug for storage
• [Calendar] Fixed bug for event attendees in Chrome and Safari
• [Security] Spam Reporting bug
• [Email] HTML formatted message display
• [Email] Flag deletion on reply

Improvements:

• [System] Increased tooltip support
• [System] httponly cookie support
• [System] General clean up & removal of unused code
• [General] Improved multiple device synchronisation support
• [General] Updated DavSync plugin