-
Notifications
You must be signed in to change notification settings - Fork 24
/
CHANGES
3389 lines (2899 loc) · 141 KB
/
CHANGES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
-------
v5.2.23
-------
[mjr] SECURITY: Fix javascript injection vulnerability in mobile login page.
[mjr] Fix broken cloud search in portal block.
-------
v5.2.22
-------
[jan] SECURITY: Protect image processing service from rendering active SVG
content within the browser.
[jan] SECURITY: Fix XSS vulnerabilities in administration interface.
[jan] Support Redis Sentinel configuration (Michael Menge
<michael.menge@zdv.uni-tuebingen.de>, Request #14998).
[jan] Use file hashing for detecting outdated configuration files.
-------
v5.2.21
-------
[mjr] SECURITY: Fix XSS vulnerability in the Cloud Block.
-------
v5.2.20
-------
[mjr] SECURITY: Fix XSS vulnerability when rendering custom background colors
in a sidebar row (Bug #14857).
-------
v5.2.19
-------
[jan] Add option to kill a user session from the administration interface.
[mjr] Fix detecting available upgrades for library packages.
-------
v5.2.18
-------
[jan] Fix dynamically updating menu entries with a _target (Bug #14740).
[jan] Check for both the memcache and memcached extensions in test script (Bug
#14691).
-------
v5.2.17
-------
[jan] Fix returning to last URL after using the login link.
[jan] Officially support PHP 7.
-------
v5.2.16
-------
[jan] SECURITY: Fix open redirects.
-------
v5.2.15
-------
[jan] Show alarm ID with error output from horde-alarms.
-------
v5.2.14
-------
[mjr] Fix errors in horde-memcache-stats script (Bug #14588).
[mjr] Remove configuration for defunct Yahoo, CloudMade, and MyTopo mapping
providers.
-------
v5.2.13
-------
[jan] Disallow setting of creator permissions too if sharing with world is
disabled.
-------
v5.2.12
-------
[jan] SECURITY: Add CSRF protection tokens to portal layout forms (Reported by
Florian Köllich <florian.koellich@tirol.gv.at>).
[jan] Fix double loading of hooks.php.
-------
v5.2.11
-------
[jan] Update Portuguese translation.
[jan] Update Basque translation.
-------
v5.2.10
-------
[mjr] Remove broken Facebook posting functionality from the Facebook block.
[jan] Update Greek translation (Limperis Antonis <limperis@cti.gr>).
[jan] Check if temporary directory is writable
(skhorde@smail.inf.fh-bonn-rhein-sieg.de, Request #14237).
------
v5.2.9
------
[jan] SECURITY: Fix XSS vulnerability in menu bar exposed by few applications
(Bug #14213).
[jan] Add more detailed user DN settings to Kolab group configuration (Request
#11737).
[jan] Fix returning to last page after problem reporting from AJAX pages (Bug
#12112).
[jan] Fix custom database configuration for groups (Bug #11664).
[jan] Use access rules compatible with both Apache 2.2 and 2.4.
[mjr] Fix reporting results for non-select queries in administrative sql shell
(Bug #14216).
------
v5.2.8
------
[mjr] SECURITY: Protect against CSRF attacks on various admin pages.
[jan] Don't apply access keys to checkbox and radiobox rows in the sidebar
(Bug #14103).
[jan] Send correct MIME type for non-statically cached javascript files.
[mjr] Added configuration support for version 2 of WorldWeatherOnline's API.
------
v5.2.7
------
[mjr] Don't create a session for Webdav requests (Bug #14040).
[jan] Mark PHP 5.6 as officially supported.
[mjr] Fix some issues with the permission interface when a value of 0 is a
valid permission value (Bug #14025).
------
v5.2.6
------
[jan] Use Horde_Ldap in example preference hooks.
[jan] Convert REDIRECT_HTTP_AUTHORIZATION to HTTP authentication headers too.
[jan] Display MOTD on mobile login screen.
------
v5.2.5
------
[jan] SECURITY: Fix XSS vulnerability in group administration.
[mjr] Fix display of Facebook block by removing no longer allowed notification
data.
------
v5.2.4
------
[mms] Make dynamic context menus scrollable if taller than the browser screen
height (Bug #13833).
[jan] Fix horde-import-squirrelmail-prefs script (Bug #13780).
[jan] Don't instantiate notification system for RPC requests.
------
v5.2.3
------
[mjr] Fix performing actions from ActiveSync user preference page (Bug #13657).
[jan] Add missing 'secure' configuration for SMTP.
------
v5.2.2
------
[mjr] Honor date_format_mini in Moon block (Bug #13628).
[jan] Fix spacing in top menu (Bug #13617).
[jan] Don't show password reset preferences if disabled in configuration (Bug
#13618).
[mjr] Remove non-existent Yahoo Maps option for map tile provider.
[mms] Fix display of Horde stylesheets not served from the local server (i.e.
via a CDN).
[jan] Hide weather portal block if weather configuration is disabled (Bug
#13559).
[jan] Add show_encryption setting to HTTP authentication configuration
(Jasper.Olbrich@students.uni-marburg.de, Bug #13444).
------
v5.2.1
------
[mjr] Fix cancelling remote wipe of EAS client from user prefs.
[mms] Fix fatal error in signup confirmation script.
[mjr] Fix removing ActiveSync device state from administrative interface when
multiple user accounts exist on the same device (Bug #13336).
------
v5.2.0
------
[mms] Add configuration to allow for SMTP authentication if the current Horde
access does not have an authenticated user.
---------
v5.2.0RC2
---------
[mjr] Fix removing EAS device pairings via the removeUserData API (Bug #13278).
---------
v5.2.0RC1
---------
[jan] Add configuration for searching user DNs in LDAP groups (Bug #12128).
[jan] Don't try to write to read-only group backends when removing user data
(skhorde@smail.inf.fh-bonn-rhein-sieg.de, Bug #13248).
-----------
v5.2.0beta2
-----------
[mms] Cleaner indication on login page that an authenticated user is logging
into specific application rather than Horde in general.
-----------
v5.2.0beta1
-----------
[mjr] Fix blocking an ActiveSync client through the admin interface.
[mjr] Add an ActivSync device's currently used heartbeat interval to the device
information display.
[mms] Fix regression in displaying MOTD content on login screen.
[mms] Support LMTP servers when sending mail.
------------
v5.2.0alpha1
------------
[mms] Add more advanced configuration options for the Redis HashTable driver
(Michael Cramer <michael@bigmichi1.de>).
[jan] Add script to import user preferences from Open-Xchange.
[mms] The location of dynamically served static files is now configurable
(Request #13070).
[jan] Update Korean translation (Deokgon Kim <dgkim@dgkim.net>.
[mms] Add a NoSQL driver for history storage.
[mms] The history driver can now be configured via conf.php.
[jan] Add mysql encryption option for SQL backends (Request #12962).
[rla] Add joomla-md5 encryption option for SQL backends (Request #12889).
[mms] By default, enforce maximum storage size on preferences values.
[mms] Support UglifyJS for compressing javascript.
[mjr] Add improved ActiveSync device administration page.
[mms] Display indication that Caps Lock key is on when entering password on
login page (Request #7178).
[mjr] Add support for configuring a NoSQL driver for ActiveSync state storage.
[mms] Added 'filemtime' configuration option for CSS caching.
[mjr] Add support for X509 authentication support.
[mjr] Improve logging options for ActiveSync logging configuration.
[mjr] Add support for managing ActiveSync devices through the API.
[mjr] Add prefs for selecting From address when sending email via ActiveSync.
------
v5.1.7
------
[jan] Detect REPORT queries as DAV requests in RPC server (Bug #13124).
[jan] Fix fatal error in LDAP account portal block (Bug #12910).
[jan] Update Korean translation (Deokgon Kim <dgkim@dgkim.net>).
------
v5.1.6
------
[jan] Update Danish translation (Erling Preben Hansen <erling@eph.dk>).
[mms] Fix regression where AJAX actions were not correctly checking permissions
and potential authentication expiration actions.
------
v5.1.5
------
[jan] SECURITY: Protect against CSRF attacks on share permissions form (Bug
#12804, CVE-2013-6365).
[jan] SECURITY: Fix XSS vulnerabilities in top and left menu (Bug #12803,
CVE-2013-6364).
[jan] Don't show admin alarm form if alarms are disabled.
[mms] Add horde-remove-user-data command-line script.
[mms] Add additional syntax checking for the configuration files in the test
script.
[mms] Only update topbar if the underlying tree data has changed.
------
v5.1.4
------
[mjr] Fix detecting ActiveSync policies for EAS version 12.0.
[jan] Fix fatal error on ActiveSync preferences page (Bug #12631).
------
v5.1.3
------
[mjr] Fix issue displaying ActiveSync pref page when it contains a wiped
device entry.
[mms] Allow non-authenticated AJAX actions to be defined.
[mms] Improved session administration UI (Request #12515).
[jan] Make "Others" and cogwheel menu entry available on iOS (Bug #11937).
------
v5.1.2
------
[jan] Set Basic Authentication HTTP headers if running PHP as CGI.
[jan] Return to original URL after logging in.
[jan] Fix login icon.
[jan] Enable Turkish translation on PHP 5.5.
[rla] Add a cli script for running queue tasks.
[jan] Create parent permissions too if automatically creating permissions (Bug
#11689).
------
v5.1.1
------
[mjr] Update Twitter block layout to honor Twitter's API version 1.1 display
requirements, and add support for updating favorites.
------
v5.1.0
------
Final release.
---------
v5.1.0RC1
---------
[mms] Add 'ajaxaction_handle' hook and deprecate 'ajaxaction' hook.
[mms] Add configuration option to configure the e-mail address reset password
confirmation messages should be sent from.
[mms] Treat an AJAX session token failure as a session timeout.
-----------
v5.1.0beta3
-----------
[jan] Fix broken configuration definition.
-----------
v5.1.0beta2
-----------
[mms] Add configuration of the Horde_HashTable package.
[jan] Fix incorrect dependencies.
-----------
v5.1.0beta1
-----------
[mms] Add ability to update/create NoSQL indices from the admin config page.
[mjr] Add activesync device hooks.
[mms] Add a global default NoSQL driver configuration.
[mms] Allow MongoDB to be used as a cache backend.
[jan] Check all installed PEAR packages when checking for updates.
[mms] Add 'ajaxaction_data' hook.
------
v5.0.5
------
[mms] SECURITY: Fix XSS vulnerability on smartmobile portal page (João Machado
<geral@jpaulo.eu>).
[jan] Fix changing expired passwords.
[jan] Fix form to reset passwords.
[mjr] Fix displaying activesync devices when a username hook is being used
(Bug #12186).
[jan] Hide navigation elements from print layout (Bug #12163).
[cjh] Add support for New Relic real-user monitoring (RUM) if New Relic is
installed.
[mms] Login screen now hides the mode input if javascript is not available, as
minimal view is the only supported mode (Request #12093).
[jan] Fix searching from topbar if search URL contains parameters.
------
v5.0.4
------
[jan] Update French translation (Paul De Vlieger
<paul.de_vlieger@moniut.univ-bpclermont.fr>).
------
v5.0.3
------
[jan] Fix setting menu refresh rate to none (Bug #11867).
[jan] Update Basque translation (Ibon Igartua <ibon.igartua@ehu.es>).
[jan] Fix JavaScript errors after updating the top menu.
------
v5.0.2
------
[jan] Fix adding user in admin actions (Bug #11690).
[mms] Fix removing user in admin actions (Bug #11690).
[jan] Allow to set custom search field label.
------
v5.0.1
------
[jan] Fix form for editing and removing of users.
[mjr] Workaround for broken iOS ActiveSync AUTODISCOVER requests (Bug #11624).
[jan] Update Slovak translation (Jozef Sudolský <jozef.sudolsky@elbia.sk>).
[mms] Fix topbar javascript on IE8 (Bug #11614).
[jan] Fix LDAP example for authusername hook.
------
v5.0.0
------
[jan] Update Polish translation (Krzysztof Kozera <krzysztof113@o2.pl>).
[jan] Update Dutch translation (Arjen de Korte <arjen+horde@de-korte.org>).
---------
v5.0.0RC1
---------
[jan] Port VAT identification block to use SOAP extension.
[jan] Fix dynamic updating of portal blocks.
[mms] Allow view-specific help files to inherit from base application help
file.
[mms] Allow application basic/dynamic views to have different help source
files.
-----------
v5.0.0beta6
-----------
[mms] Show non-javascript enhanced login screen for non-smartmobile mobile
browsers (Bug #11215).
[mms] Add version parameter to CSS/javascript file URLs to help with cache
busting when these files change between releases.
[mms] Add configuration option for maximum allowed session times.
-----------
v5.0.0beta5
-----------
[jan] Fix cancelling problem report.
[jan] Fix audio notification path printed in page output.
-----------
v5.0.0beta4
-----------
[jan] Fix logging in without JavaScript (Bug #11328).
[mms] Fix sidebar element wrapping.
[mms] Better handling of backend authentication errors when returning AJAX data
(Bug #11297).
[mjr] Fix autocompletion of tags in ajax views.
-----------
v5.0.0beta3
-----------
[jan] Fix dependency on Horde_Service_Weather.
-----------
v5.0.0beta2
-----------
[mjr] Request SSL connection from map providers if using SSL (Bug #11193).
[jan] Remove optional dependency on Horde_DataTree.
-----------
v5.0.0beta1
-----------
[jan] Remove DataTree support.
[jan] Allow to configure encryption in global IMAP configuration (Request
#11272).
[jan] Update icon set.
[rla] Retrieve more detailed message from Horde_Auth when a user is temporarily
or permanently locked out (Request #11254).
------------
v5.0.0alpha1
------------
First alpha release for Horde 5.
[jan] Implement new user interface.
[mms] Add 'suppress' option to prefs.php group entries.
[mms] Add 'on_change', 'on_init', 'requires', 'requires_nolock', and 'suppress'
options to prefs.php preference entries.
[mms] Remove support for IE 6.
[mms] Token protect all AJAX actions.
[jan] Allow to use IMAP storage for shares and groupware data without a
complete Kolab server.
[mms] Implement growler-like notifications for smartmobile view.
[mms] Modified pushapp hook behavior.
[mms] Removed pushapp_post hook.
[mms] AJAX core features now contained within Horde_Core.
[mms] E-mail sending charset now defaults to UTF-8.
[mms] Add post-install script for the Horde application
[mms] Portal blocks can now load just the CSS necessary to display an
application's blocks.
[jan] Show notifications during logging into Smartphone mode.
-------
v4.0.16
-------
[jan] Fix adding attachments to problem tickets (Bug #10654).
[jan] Update Turkish translation (İstanbul Technical University).
[jan] Fix setting permissions on static/ directory with horde-set-perms (Bug
#11219).
-------
v4.0.15
-------
[jan] Update Swedish translation (Jakob Alvermark
<jakob.alvermark@bsdlabs.com>).
[jan] Update Italian translation (Emilien <emilien@wifi.e4a.it>).
[jan] Update Lybian flag (Request #11169).
[jan] Update Slovak translation (Marika Schvarczova
<schvarczova.marika@domeny.sk>).
[jan] Update Czech translation (Michal Foist <michal@foist.cz>).
[jan] Update Hungarian translation (Zoltán Németh <nemeth.zoltan@etit.hu>).
[jan] Fix horde-set-perms script (Arjen de Korte, Bug #11048).
-------
v4.0.14
-------
[mjr] Add more atomic control over ActiveSync security policies for better
device compatibility.
[mms] Add 'sendmail_eol' configuration parameter.
[jan] Fix horde-set-perms (piper@hrz.uni-marburg.de, Bug #10923).
[jan] Sort user and group names in permission screen (Request #10896).
-------
v4.0.13
-------
[jan] Make the lifetime of cached weather information configurable (Arjen de
Korte, Request #10848).
[jan] Update Dutch translation (Arjen de Korte <build+horde@de-korte.org>).
[mjr] Improve layout of weather block.
[jan] Update Japanese translation (Hiromi Kimura <hiromi@tac.tsukuba.ac.jp>).
-------
v4.0.12
-------
[mjr] Replace Weatherdotcom portal block with generic Weather block supported
by Horde_Service_Weather.
[jan] Add configuration option to disable password resets (Request #10640).
-------
v4.0.11
-------
[cjh] Add Hordevetica theme.
[mjr] Fix issue with ajax uploader and file sizes over 1mb (Bug #10641).
[mjr] Do not show results in the tag cloud block owned by other users.
-------
v4.0.10
-------
[mjr] Update javascript map library.
[mms] Allow in-page base64 image encoding to be disabled via configuration.
[jan] Add administration page to list and clear locks.
------
v4.0.9
------
[rla] Add account locking similar to the former kolab-specific option.
[jan] Add missing configuration for LDAP groups write support.
[rla] Reset password dialog shows a warning when no security question is set
(Request #10430).
[mjr] Update jQuery Mobile to version 1.0 Beta 2.
[jan] Update hordeweb theme to match new website layout.
------
v4.0.8
------
[mjr] Add remove button to image fields (Request #9870).
[mjr] Fix sending unnecessary FOLDERSYNC changes.
[mjr] Fix issue with FOLDERSYNC requests that was causing Android clients to
PING and SYNC the same collection an unlimited number of times.
[mjr] Use FQL to obtain event list and add rsvp_status.
[cjh] Add mobile maintenance screens.
[jan] Fix exporting multiline attributes to vCard 2.1 and vCalendar 1.0.
[cjh] New log filter for exact level matching (Bryan Alves
<bryanalves@gmail.com>).
[jan] Don't set optional integer fields to 0 when automatically updating
configuration.
[mjr] ActiveSync policykey is now per user, not per device.
[mjr] Fix recurring event exception handling for ActiveSync.
[mjr] Use AS in column aliases to make PostgreSQL happy (Bug #10346).
[jan] Don't show mobile login page if users are forced to traditional or
dynamic views (Request #10358).
[mjr] Improve calendar PING for iOS devices.
[mjr] Prevent an ActiveSync sync loop in some fringe cases.
[jan] Update PGP key server list and add SKS pool.
------
v4.0.7
------
[mjr] Fix returning shares in the proper order when fetching multiple shares
by id.
[jan] Don't use CSS cache in mobile interfaces because it breaks jQuery Mobile
CSS.
[mjr] Fix race conditions caused by broken clients sending an inappropriate
PING request.
[jan] Fix duplication of objects during synchronization (joniw@t-online.de,
Bug #10081).
[jan] Don't allow to click disabled login button (Bug #10267).
[jan] Allow configuration of split read databases for PostgreSQL (Request
#7025).
[mjr] Honor initial_application setting for mobile view (Bug #10264).
[mjr] Fix issue with initial Android ActiveSync pairing.
[gwr] Support restricting the HTML tidy post processing by the message size
(Request #10266).
[gwr] Disabled the timeout on the logout token.
[mjr] Fix integer overflow issue in Facebook code (Bug #9889).
[mms] Fix adding users with Cyrsql driver (vilius@lnk.lt, Bug #10239).
------
v4.0.6
------
[jan] Fix extracting of translation strings in a release.
[rla] Add user-specific admin permissions (Request #9350).
[jan] Don't strip domain from user name in account block.
[jan] Fix account block with empty configuration parameters.
------
v4.0.5
------
[jan] Remove debug code.
------
v4.0.4
------
[gwr] Added a script for exporting/importing preferences from/to a backend.
[mms] Fix regression with UTF7-IMAP encoding of non-ascii folder names (Bug
#10093).
[mms] Allow numbers to be zero in certain preferences (Bug #10120).
[mms] Fix running Horde login tasks (Bug #9767).
[mms] Fix authenticating as several users in the same request (Bug #10027).
[mms] Fix colorpicker on categories preferences screen (Bug #10118).
[jan] Update Spanish translation.
[jan] Update Slovak translation.
[mjr] Fix Metar portal block.
[gwr] Add support for the Kolab IMAP based preferences backend.
[mms] Complete fix for issue causing slow syncs only (Bug #10008).
------
v4.0.3
------
[mjr] Fix usage of countOwners() and listOwners() in the Sqlng driver.
[mms] Fix return link after reporting problem (Bug #10069).
[jan] Add button to update all configurations with default values at once.
[jan] Update DataTree conversion scripts for Horde 4.
[jan] Fix rendering of DataTree browse tree.
[mjr] Fix issue with deleting identities (Bug #9997).
[mjr] Fix issue causing credentials to be lost when accessing the API during
ActiveSync requests (Bug #9733).
[jan] Store preferences for guests in the session.
------
v4.0.2
------
[jan] SECURITY: Fix permission checks of guest users on system shares.
[mms] SECURITY: Fix deletion of unwanted HTML nodes in XSS filter.
[mms] Fix authentication failure when TOS is not accepted.
[jan] Don't show IMP compose link if user doesn't have permissions to IMP (Bug
#10016).
[mms] Fix issue causing slow syncs only in SyncML (Bug #10008).
[jan] Fix adding categories.
[jan] Fix listing users in Customsql driver (Bug #9963).
[jan] Fix calculation of last password change in LDAP account portal block
(Bug #9770).
[jan] Don't check for outdated DB schemas if database support is disabled (Bug
#9986).
[mjr] Fix editing settings of fixed portal blocks (Bug #9910).
------
v4.0.1
------
[mjr] Fix the blockTitle and blockContent API methods.
[jan] Fix creating folders with SQL VFS driver (Bug #9894).
[jan] Fix LDAP parameters of account portal block (Klaus Steinberger, Bug
#9770).
[jan] Fix migration detection on Windows.
[mjr] Correctly sanitize DSN when using custom cyrus auth driver (Bug #9879).
[mjr] Fix some display issues when geocoding with HordeMap (Bug #9883).
[mms] Don't load sidebar content if not expanded.
[jan] Fix deleting groups.
[jan] Fix adding new groups (Bug #9881).
[jan] Fix displaying the Facebook preference group.
[mms] Add appinitialized hook.
[cjh] Fix cyrsql configuration, rename cyrus host and port parameters to not
clash with Horde_Db parameters (Bug #9864).
[cjh] Fix signups, and update style on signup and reset password pages to match
the login page (Bug #9856, partially from Ian Roth
<iron_hat@hotmail.com>).
[cjh] Show an unknown app icon rather than a broken image if an application
doesn't have an icon (Bug #9867).
[jan] Fix setting incorrect database charset in PDO drivers.
------
v4.0.0
------
[mms] Add pushapp_post hook.
[jan] Fix application-specific permission checks (Bug #9786).
[jan] Fix resetting passwords (Vilius Sumskas <vilius@lnk.lt>, Bug #9800).
[jan] Fix Cyrsql authentication driver (Vilius Sumskas <vilius@lnk.lt>, Bug
#9781).
[mjr] Fix ActiveSync provisioning.
[mjr] Fix for broken Nokia MfE clients (Bug #9757).
[jan] Move all executable upgrade scripts to bin/ and prefix with horde-.
[jan] Delete object mappings too when deleting SyncML anchors (Request #9377).
[jan] Delay sidebar creation if the sidebar is generated through JavaScript.
---------
v4.0.0RC2
---------
[jan] Fix incorrect lowercasing of objectClasses in LDAP groups driver.
[jan] Fix fatal error in desktop notifications (Bug #9727).
[jan] Rename all scripts in bin/ to be prefixed with horde- and installed in
PEAR's bin_dir (Request #9647).
[jan] Don't throw exception when setting port number while using localhost in
MySQL configuration (Bug #9738).
[jan] Fix building LDAP filter for groups from configuration (Bug #9739).
[jan] Fix loading of Horde's vhost conf.php file (Bug #9704).
[jan] Fix OpenOffice MIME viewer.
[jan] Fire access keys on hidden elements in Internet Explorer (Bug #8057).
[jan] Don't fire access keys twice in Chrome browsers.
[jan] Fix JavaScript date calculations across DST boundaries.
[jan] Sort applications in preference menu by name.
[jan] Add translations for file upload error messages.
[mms] Fix identities pref UI when default_identity is locked (Bug #9701).
[mms] Added Horde::debug().
---------
v4.0.0RC1
---------
First release candidate for Horde 4.
[jan] Update installation and upgrade instructions.
[jan] Fix converting identities with non-ascii characters to new format.
[jan] Fix passing arguments to sendmail binary (Gonçalo Queirós, Bug #9693).
[mjr] Service_Facebook refactored for OAuth2 authentication (Bug #9122).
[mjr] IMSP drivers refactored for Horde 4.
[gwr] Allow disabling applications for administrators.
[jan] Don't show sub-permissions for adding that exist already.
[jan] Fix listing more than one sub-permission (Bug #9671).
[jan] Fix calendar synchronization with certain Nokia phones (Bug #9646).
-----------
v4.0.0beta1
-----------
[jan] Catch fatal errors about missing tables during initial configuration.
[mms] Fix client-side IMAP sorting using envelope data.
[mms] Workaround PHP < 5.2.6 (broken stream handling) (Bug #9644).
[mjr] Fix updating schema for individual libraries.
[mjr] Improved control over which application view to load.
[jan] Find translateable strings in configuration files.
[mms] Fix clearing expanded state for javascript trees (Bug #9659).
[jan] Only show advanced preferences link if there are some.
[mms] Fix updates for refreshing Blocks (Bug #9655).
[mjr] Fix viewing applications with no mobile view from mobile devices.
[jan] Fix error when not using a Group backend. (Bug #9642).
------------
v4.0.0alpha1
------------
First alpha release for Horde 4.
[jan] Provide default configuration files instead of .dist versions.
[jan] Add a new Share SQL driver with better performance.
[cjh] Drop Log SQL driver.
[mms] Update prototypejs to v1.7.
[mms] Add theme caching.
[mms] Add hook to allow browser capabilities to be modified.
[jan] Add a configuration switch for automatic creation of default shares.
[cjh] Move from Net_DNS to Net_DNS2.
[jan] Translations for the framework packages are now bundled with those
packages.
[bak] Remove LDAP driver from Horde_SessionHandler
[jan] Require mandatory UTF-8 support for both servers and clients.
[jan] Renamed Setup to Configuration and Options to Preferences.
[mms] Moved sidebar code out of block/portal code (Request #9160).
[cjh] Remove fckeditor, standardizing on ckeditor.
[jan] Move all translations from po/ to locale/ and use short locale
identifiers where possible.
[jan] Remove frameset.
[jan] Remove dhtmlHistory library.
[mms] Removed support for krb5 authentication driver.
[jan] Allow to specify the URL parameter name for the alternate login setting.
[mms] Remove reliance on PEAR Mail library.
[jan] Send alarm emails again if the alarm has changed (Bug #8717).
[mms] Add advanced preferences options screen.
[mms] Complete rewrite of preferences UI display.
[mjr] Horde_Image can now act as an Iterator for multi-page images.
[mms] Remove Horde_Cipher library.
[mms] Add 'cssfiles' hook to add custom CSS files to a page.
[jan] Add configuration to not automatically show all available shares.
[jan] Add configuration to disallow world permissions for user shares.
[jan] Store alarm dates in UTC (Bug #8381).
[mms] Add abstracted AJAX interface (Request #4561).
[mms] Update scriptaculous to v1.8.3.
[mjr] Add Horde_Image_Exif (ported from Ansel) and add a exiftool driver.
[mjr] Horde_Image now has a native Imagick driver (removed proxy code).
[mms] All Horde login/authentication handled by single login page.
[mms] Move imple processing to a Horde service.
[mms] Refactor Maintenance:: -> Horde_LoginTasks::.
[mms] In Postgres, horde_prefs table now stores data in BYTEA instead of TEXT
(Bug #8130).
[mms] Improved caching of Registry data significantly reduces session sizes and
total session storage requirements (Request #8024).
[mms] IMAP auth driver now uses Horde_Imap_Client library.
[mms] Use Gnumeric package to render MS Excel files.
[mms] Use AbiWord package to render MS Word files.
[cjh] Remove sapdb session handler backend.
[jan] Add share locking (Alfonso Marín Marín <almarin@um.es>).
[cjh] Remove javascript popup alarms.
[cjh] Update the Auth_passwd driver's add/update/remove user implementations
(Bug #7810).
[cjh] Add a Horde_Routes dispatcher for Rampage applications.
[mjr] Fix a possible infinite loop with certain recurring events in Horde_Date.
[jan] Use DateTime internally in Horde_Date.
-------
v3.3.12
-------
[jan] Convert charset of group names in SQL driver (Bug #9611).
[jan] Fix deleting of SyncML anchors if PHP short_open_tag is off (Bug #9349).
[jan] Add an experimental new Share SQL driver with better performance.
[jan] Fix integer overflow in ASN.1 parser for S/MIME messages.
[jan] Fix splitread database usage in VFS (Bug #9467).
[jan] Fix invalidating permission cache in SQL driver (Bug #9392).
-------
v3.3.11
-------
[mms] SECURITY: Fix XSS when viewing details of a vCard.
[jan] Fix exporting recurrence exceptions to vCalendar 1.0.
[jan] Skip event status synchronization with Outlook, which is broken.
[jan] Don't send SIF data to recent Funambol clients, unless requested.
[jan] Log all queries and errors by the history library.
-------
v3.3.10
-------
[jan] Fix searching DataTree elements (groups) if backend charset is different
from interface charset (Bug #9323).
[mms] Fix accessing IMAP ACLs that contain non-alphanumeric characters (Bug
#9299).
[jan] Avoid fatal errors when using DateTime with not properly configured PHP
5.3+ (Bug #9312).
[jan] Fix importing recurrence exceptions from vCalendar 1.0.
[mms] Fix preferences management regression (Bug #9289).
[jan] Fix conversion of all-day events and certain yearly recurring events for
Funambol clients.
[mms] Fix memcache cache regression (Bug #9279).
[jan] Fix SyncML page sometimes deleting more anchors than selected.
------
v3.3.9
------
[jan] SECURITY: Add token protection to preference forms.
[mms] SECURITY: Fix XSS in util/icon_browser.php.
[mms] Fix generating RFC 2231 parameters with charset information (Bug #9212).
[mms] On invalid token during logout, redirect to initial page (Bug #7669).
[mjr] Don't allow fixed blocks to be changed to another type (Bug #9141).
[jan] Show future alarms in the alarm management screen too.
[mjr] Fix bug in Horde_Cache that would prevent cache entries from being
expired in certain cases, and prevent cache key collisions.
------
v3.3.8
------
[jan] Fix framework include path.
------
v3.3.7
------
[mjr] Fix issue in Horde_Image that would cause generated images to lose
transparency in certain situations.
[jan] Allow to update existing identities while requiring email confirmation
(Sebastian Rettenberger, Bug #8877).
[jan] Fix casting errors when using SQL shares and groups on PostgreSQL (Bug
#8899).
[gwr] Allow conf.d style directory configuration overriding (Request #8172).
[jan] Fix sending alarms to multiple users (Bug #8821).
[mms] Fix display of S/MIME certificate data (Bug #8826).
[mjr] Fix bug in Horde_Image that caused polaroid effect to fail on really old
ImageMagick versions (earlier then 6.3.2).
[jan] Work around Funambol clients requiring a "configuration" database (Bug