Prepare releases.

horde · Aug 1, 2017 · ce1658d · ce1658d
1 parent 8e5dd83
commit ce1658d
Show file tree

Hide file tree

Showing 3 changed files with 105 additions and 13 deletions.
diff --git a/docs/CHANGES b/docs/CHANGES
@@ -2,6 +2,100 @@
 v5.2.21-git
 -----------
 
+[jan] SECURITY: Fix open redirects.
+[jan] Update Turkish translations (İTÜ BİDB <sistemdestek@itu.edu.tr>).
+
+Mail Changes
+------------
+[jan] Fix finding reply or forward text from signed or encrypted messages with
+      HTML content again (Bug #14656).
+[mjr] Fix issue with reattaching a file after removing it on Chrome browsers
+      (Bug #14657),
+[jan] Allow Command-C to copy text from HTML message previews (Bug #14653).
+
+Address Book Changes
+--------------------
+[jan] Fix creating address books with the external API.
+
+Calendar Changes
+----------------
+[mjr] Prevent broken iCalendar files from causing fatal errors (Bug #14672).
+[jan] Work around calendar servers advertising as CalDAV-capable, but ignoring
+      CalDAV requests (Bug #14662).
+[jan] Fix displaying yesterday's event in Prior Events portal block
+      (admin@layertec.de, Bug #14638).
+
+Tasks Changes
+-------------
+[mjr] Fix handling of delayed start dates (Bug #14634).
+
+File Manager Changes
+--------------------
+[jan] Fix redirection after logins with Horde 5.2.16 and later.
+
+Library Changes
+---------------
+ActiveSync
+[mjr] Fix undefined constant error (Bug #14671).
+[mjr] Improve support for android Gmail application (Bug #14655).
+[mjr] Fix undefined property warnings (Bug #14631).
+
+Alarm
+[jan] Fix catching database backend exceptions.
+
+Browser
+[jan] Filter out control characters from file names when sending download
+      headers.
+
+Cli
+[jan] Fix returning to normal font after text with light colors.
+[jan] Fix fatal error screen for PHP 7 error objects.
+[jan] Fix header() method to print, not return the header.
+[jan] Really silence errors from tput and stty (Bug #14632).
+[jan] Silence errors from tput and stty (Bug #14632).
+
+Core
+[jan] SECURITY: Fix XSS vulnerability with pathinfo component in
+      Horde::selfUrl().
+[jan] Deprecate Horde::redirect().
+[jan] Add Horde::signUrl() and Horde::verifySignedUrl().
+[jan] Fix JavaScript minifying with recent Closure compilers (Bug #14650).
+[jan] Add Horde_Registry_Application#backup(), restore(), and
+      restoreDependencies().
+[mjr] Fix calculating ActiveSync SOFTDELETE times for calendar collections (Bug
+      #14631).
+
+Crypt
+[jan] More fixes for GnuPG 2 (Mathieu Parent <math.parent@gmail.com>).
+[jan] Remove dependency on openssl executable (Hadi Nategh <hnategh@gmail.com>).
+
+Date
+[jan] Add Horde_Date_Recurrence::fromHash() and toHash().
+
+Form
+[jan] SECURITY: Fix XSS vulnerability with form sections.
+
+Icalendar
+[jan] Fix unescaping of commas in ADR, N, and ORG attributes.
+
+Image
+[mjr] SECURITY: Fix more potential places for command injections.
+[mjr] SECURITY: Prevent DOS attack by preventing an infinite loop in certain
+      conditions (CVE-2017-9773, reported by Fariskhi Vidyan
+      <farislab@gmail.com>).
+[mjr] SECURITY: Prevent RCE attacks by properly sanitizing shell arguments
+      (CVE-2017-9774, reported by Fariskhi Vidyan <farislab@gmail.com>).
+[jan] Add blur effect.
+
+Imap_Client
+[jan] Fix check if QRESYNC is enabled in vanished() (i.badamshin
+      <i.badamshin@i-infinite.net>).
+
+JavascriptMinify
+[jan] Add unit tests.
+
+Url
+[jan] SECURITY: Fix XSS vulnerability with pathinfo component in toString().
 
 
 -------

diff --git a/docs/RELEASE_NOTES b/docs/RELEASE_NOTES
@@ -5,7 +5,7 @@ $notes['security'] = true;
 /* Mailing list release notes. */
 $notes['changes'] = <<<ML
 The Horde Team is pleased to announce the final release of the Horde Groupware
-Webmail Edition version 5.2.20.
+Webmail Edition version 5.2.21.
 
 Horde Groupware Webmail Edition is a free, enterprise ready, browser based
 communication suite. Users can read, send and organize email messages with four
@@ -19,14 +19,12 @@ http://www.horde.org/apps/webmail/docs/UPGRADING
 For detailed installation and configuration instructions, please see
 http://www.horde.org/apps/webmail/docs/INSTALL
 
-Thanks to Andrey Zelenchuk for reporting the XSS vulnerability and for
-proposing a patch.
-
 The major changes compared to the Horde Groupware Webmail Edition version
-5.2.19 are:
+5.2.20 are:
 
 General changes:
-    * Fixed an XSS vulnerability in the filter frontend.
+    * Fixed open redirects.
+    * Fixed XSS vulnerabilities.
     * Small bugfixes and improvements.
 ML;
 

diff --git a/package.xml b/package.xml
@@ -93,21 +93,21 @@
    <package>
     <name>gollem</name>
     <channel>pear.horde.org</channel>
-    <min>3.0.10</min>
+    <min>3.0.11</min>
     <max>4.0.0alpha1</max>
     <exclude>4.0.0alpha1</exclude>
    </package>
    <package>
     <name>horde</name>
     <channel>pear.horde.org</channel>
-    <min>5.2.15</min>
+    <min>5.2.16</min>
     <max>6.0.0alpha1</max>
     <exclude>6.0.0alpha1</exclude>
    </package>
    <package>
     <name>imp</name>
     <channel>pear.horde.org</channel>
-    <min>6.2.19</min>
+    <min>6.2.20</min>
     <max>7.0.0alpha1</max>
     <exclude>7.0.0alpha1</exclude>
    </package>
@@ -121,7 +121,7 @@
    <package>
     <name>kronolith</name>
     <channel>pear.horde.org</channel>
-    <min>4.2.21</min>
+    <min>4.2.22</min>
     <max>5.0.0alpha1</max>
     <exclude>5.0.0alpha1</exclude>
    </package>
@@ -135,7 +135,7 @@
    <package>
     <name>nag</name>
     <channel>pear.horde.org</channel>
-    <min>4.2.14</min>
+    <min>4.2.15</min>
     <max>5.0.0alpha1</max>
     <exclude>5.0.0alpha1</exclude>
    </package>
@@ -149,14 +149,14 @@
    <package>
     <name>trean</name>
     <channel>pear.horde.org</channel>
-    <min>1.1.7</min>
+    <min>1.1.8</min>
     <max>2.0.0alpha1</max>
     <exclude>2.0.0alpha1</exclude>
    </package>
    <package>
     <name>turba</name>
     <channel>pear.horde.org</channel>
-    <min>4.2.19</min>
+    <min>4.2.20</min>
     <max>5.0.0alpha1</max>
     <exclude>5.0.0alpha1</exclude>
    </package>