Path to this page:
Subject: CVS commit: pkgsrc/www/php-owncloud
From: Ryo ONODERA
Date: 2012-08-16 18:05:07
Message id: 20120816160507.4F188175DD@cvs.netbsd.org
Log Message:
Update to 4.0.7
* It seems that http://secunia.com/advisories/49894 and
http://secunia.com/advisories/50214 are fixed
Changelog:
Version 4.0.7 Aug 15th 2012
Show Login Button when user and password are auto-completed
Sanitize LDAP base, user and groups
Fix non active Adressbooks
Calendar: Remove double html encoding
Fix label for versioning in admin settings
Add parent directory into filecache if it ©¹doesn¡t exist
Handle non writable files correctly
Disable webfinger completely if not activated
Security: Disable user listings in DAV
Check file blacklist for file renames
Security: Fix XSS bug in Gallery
Security: Several CSRF security fixes
Security: Validate cookie to prevent auth bypasses
Special thanks to Julien Cayssol for reporting several security problems
Version 4.0.6 Aug 1th 2012
More robust LDAP integration during unexpected collisions
Fix sharing for users with @ in username
Additional error handling for emailing of private links
Cleanup old session files
Fix user space calculation
Fix Ampache authentication
Remove delete tipsy if file is deleted
Don¡t delete lot¡s of session files during DAV requests
Fix error when no adressbook is created
Check if php-ldap is installed
Security: Check for Admin user in appconfig.php
Security: Several CSRF security fixes
Version 4.0.5 July 20th 2012
Fix remember the username and autologin
Offer an option to allow sharing outside the group.
Fix for birthday format
Fixes for several encoding fixes for unicode characters
Fix invalid filesystem cache in the sharing folder
Several calendar and contacts fixes
Fix sending of emails
Several fixes in the system log
Several fixes for the external filesystem feature
Several CSRF security fixes
Files: