All releases tagged Minor security fixes
Release Notes: XSS vulnerabilities in the search screen and thread view have been fixed. Displaying of PGP messages has been improved. mailto: links in HTML email messages are turned into IMP compose links. Small improvements have been made to the iCalendar/iTip handler. Compatibility with Internet Explorer 7 has been improved. Several small bugfixes and improvements have been made. Brazilian Portuguese, Catalan, Dutch, German, Portuguese, and Traditional Chinese translations have been updated.
Release Notes: A server configuration option to limit the number of login attempts has been added. A link to view attached S/MIME key details has been added. Escaping of folder names has been fixed. Catalan, German, and Slovenian translations have been updated. Several small bugfixes and improvements have been made.
Release Notes: Escaping of folder names has been fixed. The French translation has been fixed.
Release Notes: Display of small MIME parts with some translations has been fixed. The "Save as" link to save message sources has been fixed. The Arabic (Syria) translation has been updated.
Release Notes: This release fixes potential XSS vulnerabilities when viewing HTML messages. The Slovak and Slovenian translations have been updated.
Release Notes: This release fixes a potential XSS vulnerability exploited via the HTML+TIME feature of Internet Explorer. It also fixes a cosmetic issue which caused inline CSS code in HTML messages to not be filtered out completely and another related to escaped double quotes on some broken mail servers. The Estonian and German translations have been updated.
Release Notes: This release contains a fix for a potential XSS vulnerability exploited via the Content-type header of malicious email messages. Better support for folder names in non-ASCII charsets has also been added, as well as minor fixes for saving drafts and viewing HTML messages.
- 02 Sep 2003 19:23
Release Notes: This version contains a few small XSS fixes in the HTML attachment viewer, a fix for interactions between PHP's magic_quotes setting and password input, and several new translations: Syrian and Oman Arabic, Macedonian, Thai, and Icelandic.
Release Notes: This release prevents some potential cross-site scripting (CSS) attacks. Site administrators should consider upgrading to IMP 3, but if this is not possible, IMP 2.2.8 should be used to prevent these potential attacks. This release also has an update for Informix.
Release Notes: This minor release fixes a potential session hijacking vulnerability using a cross-site scripting (CSS) attack, and also contains a new Chinese (Simplified) translation.
