Overview
Request 337958 accepted
update to PostfixAdmin 2.3.8 (boo#949909)
Changes that were not included in the package yet:
- don't prefill username in users/ login on failed logins - fixes (probably
harmless) XSS
- fix show_gen_status() to properly escape mail addresses in query (#356)
- fix escaping in create-admin, create-mailbox and fetchmail templates -
fixes (harmless) XSS on form validation errors
- don't echo the password back to the browser in the fetchmail form
- enforce $CONF[min_password_length] in create-mailbox
Request History
cboltz created request
update to PostfixAdmin 2.3.8 (boo#949909)
Changes that were not included in the package yet:
- don't prefill username in users/ login on failed logins - fixes (probably
harmless) XSS
- fix show_gen_status() to properly escape mail addresses in query (#356)
- fix escaping in create-admin, create-mailbox and fetchmail templates -
fixes (harmless) XSS on form validation errors
- don't echo the password back to the browser in the fetchmail form
- enforce $CONF[min_password_length] in create-mailbox
maintbot accepted review
accepted
maintbot approved review
accepted
AndreasStieger accepted request
starting update