[RCD] Update 1.0.4 released
thomas at roundcube.net
Mon Dec 22 12:06:48 CET 2014
On Mon, Dec 22, 2014 at 11:27 AM, Cor Bosman <cor at xs4all.nl> wrote:
> * Security: Fix possible CSRF attacks to some address book operations
> as well as to the ACL and Managesieve plugins.
> * Fix attachments encoded in TNEF containers (from Outlook)
> * Fix compatibility with PHP 5.2
> Hi Thomas, was this supposed to fix the uudecode problem as well?
No it wasn't. We didn't have a ticket nor time to investigate your
post which just came in the day before the release.
> 1.0.4 still breaks any message containing the simple string 'foobar begin 2015
> In dutch this is a very common set of words, as it translates to 'early
> 2015'. The problem is that the match for uuparts is too simple.
> I created a PR off of 1.0-release to fix this problem.
Thanks for this! We'll review it as soon as possible.
> In master this is handled differently, and it doesnt seem to fail, even
> though the matching for a uu encoded part could be improved there as well,
Maybe Alec can explain why commit
refactors the uuencode part in git master without being mentioned in
the commit message.
More information about the dev