Skip to content

Commit a08bc8f

Browse files
committed
Update changelog
[skip ci]
1 parent 9a96c20 commit a08bc8f

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

CHANGELOG.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,13 +8,13 @@ This file includes only changes we consider noteworthy for users, admins and plu
88
- Fix so the `oauth_password_claim` claim is retrieved via token or userinfo request (#9631)
99
- Fix bug where `static.php` would return a 416 error on a specific `Range` request (#10194)
1010
- Fix bug where configured skin logo wasn't loaded via `static.php` resulting in 404 error (#10191)
11-
- Fix an infinite loop in TNEF (winmail.dat) decoder (#10193)
1211
- Fix bug where installto.sh would fail if public_html folder does not exist in the target directory (#10202)
1312
- Revert "Prefer 8bit over quoted-printable for HTML parts, when force_7bit is disabled (#8477)" (#10198)
1413
- Fix incorrect unfolding of folded lines when importing vCard 2.1 contacts (#9647)
1514
- Fix bug where Imagick could leave large temporary files on failure (#10230)
1615
- Fix bug where redis/memcache session could have been updated more often than needed
1716
- Fix support for untyped tokens in OIDC backchannel logout, require unset `nonce` (#10097)
17+
- Security: Fix an infinite loop in TNEF (winmail.dat) decoder (#10193)
1818
- Security: Fix various vulnerabilities in the password plugin using session-injected username
1919
- Security: Fix stored XSS via unescaped attachment MIME type on the attachment-validation warning page [CVE-2026-54432]
2020
- Security: Fix SSRF bypass via specific local address URLs - two new cases

0 commit comments

Comments
 (0)