[Svn] [roundcube/roundcubemail] d0d8c1: Fix security issue where it was possible to bypass...

Aleksander Machniak noreply at github.com
Tue Aug 27 19:16:14 CEST 2019


  Branch: refs/heads/release-1.3
  Home:   https://github.com/roundcube/roundcubemail
  Commit: d0d8c1ace58ef04668986f53c435a629924db549
      https://github.com/roundcube/roundcubemail/commit/d0d8c1ace58ef04668986f53c435a629924db549
  Author: Aleksander Machniak <alec at alec.pl>
  Date:   2019-08-27 (Tue, 27 Aug 2019)

  Changed paths:
    M CHANGELOG
    M program/lib/Roundcube/rcube_utils.php
    M tests/Framework/Utils.php

  Log Message:
  -----------
  Fix security issue where it was possible to bypass the position:fixed CSS check in received messages (#6898)


  Commit: c0c42d107566da89113462f465c1ebcd70bc3b7b
      https://github.com/roundcube/roundcubemail/commit/c0c42d107566da89113462f465c1ebcd70bc3b7b
  Author: Aleksander Machniak <alec at alec.pl>
  Date:   2019-08-27 (Tue, 27 Aug 2019)

  Changed paths:
    M CHANGELOG
    M program/lib/Roundcube/rcube_utils.php
    M tests/Framework/Utils.php

  Log Message:
  -----------
  Fix bug where some strict remote URIs in url() style were unintentionally blocked (#6899)


  Commit: 554a20fe49fe5e4b4e835edaf3d7158df7d6c6af
      https://github.com/roundcube/roundcubemail/commit/554a20fe49fe5e4b4e835edaf3d7158df7d6c6af
  Author: Aleksander Machniak <alec at alec.pl>
  Date:   2019-08-27 (Tue, 27 Aug 2019)

  Changed paths:
    M CHANGELOG
    M program/lib/Roundcube/rcube_utils.php
    M tests/Framework/Utils.php

  Log Message:
  -----------
  Fix security issue where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class (#6897)


  Commit: 2348899a3fc4bcc44827d1911870a452ae6014ea
      https://github.com/roundcube/roundcubemail/commit/2348899a3fc4bcc44827d1911870a452ae6014ea
  Author: Aleksander Machniak <alec at alec.pl>
  Date:   2019-08-27 (Tue, 27 Aug 2019)

  Changed paths:
    M CHANGELOG
    M program/lib/Roundcube/rcube_washtml.php
    M tests/Framework/Washtml.php

  Log Message:
  -----------
  Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs (#6896)


Compare: https://github.com/roundcube/roundcubemail/compare/f2e610dbe5fa...2348899a3fc4

