Fixed
- Check customer visibility on Customer Conversations page (Security)
- Check access to mailbox when user edits customer thread (Security)
- Improve
Helper::sanitizeRemoteUrl()function (Security) - Improve sanitizing SVG images containing comments (Security)
- Include sanitized thread bodies in replies and email notifications (Security)
- Add CSP header when showing attachments.
- Hide IMAP password in fetch command debug output.
- Encrypt OAuth tokens for IMAP and SMTP.
- Encrypt modules license keys.
- Fixed
iconv_mime_decode(): Detected an illegal character in input string(#5265)
Changed
- Offer TLS encryption in Fetching and Sending settings by default.