The Alinto team is pleased to announce the immediate availability of SOGo v5.12.5. This is a minor release of SOGo with bug fixes.
Several vulnerability fixes
Thanks to the community to find them and report them. If it happens, you can send a mail to bugs@sogo.nu.
- vulnerability: prevent javascript injection with hint query (e821b20)
- vulnerability: prevent sogo to execute scripts in theme query (16ab99e)
- vulnerability: prevent xss with events, tasks and contacts categories (e9b3f2a)
- vulnerability: properly change the totp code after disabling it (83d4c52)
Bug Fixes
- contact: research with two dots like Ä now works
- db: increase some column size for new databases (f8638a3)
- encryptedUrl: fix cache key data and expect uncrypted name for freebusy (95efe73)
- event: also add jitsi url in the location as outlook doesn't support attach url (7876013)
- identity: fix signature when changing identity (71d865b)
- login: prevent user search for login keyword (6f91600)
- Mail: correctly update quota when refreshing (af984f5)
- mail: use the correct replyTo when set to a non*default identity (03fa91d)
- minsearch: fix instance of minsearch (d7e5165)
- tool: rename-user properly change data in c_defaults and c_settings (d69f55c)
- trad: typo in a translation key (e2b8494)
- ui: prevent UI to search for users with empty string (389e8e6)