Release Notes: This is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are advised to upgrade to this release. This release includes another round of XSS fixes, improved Excel export, translation updates, and bug fixes to the SOAP API, installation, plugin system, and email notifications.
Release Notes: This version is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are advised to upgrade to this release. This release effects a security fix to the display of inline attachments, where arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks. This version also includes a range of translation updates, regression fixes, and bug fixes, including multiple SOAP API-related bugs and regressions.
Release Notes: Included with this release are a range of bugfixes, translation updates, and general improvements. Highlights include improved installation, a fixed upgrade path from 1.1.x, fixes to the URL and path detection, and updates to the plugin event system. Initial support for browser clickjacking protection has been added (both X-Frame-Options and X-Content-Security-Policy).
Release Notes: One can no longer theoretically login with a disabled account. A bug in string_sanitize_url() was fixed. Numerous MS SQL bugs were fixed. The Global Profiles list is now sorted. is_writable() in install.php was fixed. A possible redirect to blank page for new admins was fixed. A wrong strpos function call was fixed. fixed_in_version was renamed to Fixed_in_version during database migration.
Release Notes: This release can no longer send reminders to all recipients, and can again submit issues after upgrading from 0.18.2. There is an XSS fix.
Release Notes: Remaining mysqli_ install problems were fixed. mysqli_real_escape_string() no longer expects the first parameter to be link. install.php no longer assumes the mysql extension, nor does it fail with the mysqli extension. A parse error which occurred while saving a new filter was fixed.
Release Notes: This release fixes a file upload vulnerability, injection vulnerabilities in filters, an SQL injection in the "manage user" page, HTTP header CRLF injection, and port XSS vulnerability in filters.
Release Notes: Minor security fixes and bugfixes. All 1.0.0ax / 1.0.0rcx users are encouraged to upgrade.
Release Notes: This release includes security and filtering related fixes. All 1.0.0x users are encouraged to upgrade.
Release Notes: This release has over 50 issues fixed. All 1.0.0x users are recommended to upgrade.