If you are running cron jobs via a special URL, make sure to use the updated URL after installing this release.
Added
- Added `mailbox.sidebar.buttons` hook (#5316)
Fixed
- Change attachment token generation algorithm (Security)
- Take into account `limit_user_customer_visibility` parameter in `load_customer_info` Ajax action (Security)
- Fixed "Call to a member function close()" on string in Zipper.
- Strip tags from name when creating a user (Security)
- Escape user name in flash message when deleting a user (Security)
- Also strip style tags in `Helper::stripDangerousTags()`.
- Apply `safe_raw_html()` function to `{!! ... !!}` (Security)
- Improved joining customer messages into conversations on Fetching (#5308)
- Improve `Helper::getWebCronHash()`.
- Escape customer name in the `reply_fancy` email template (Security)
- Limit fields which can be populated on mailbox Fetching and Sending settings pages (Security)
- Require `mod_headers` (if Apache is used) to download files from `/storage/uploads/`.
- Added `CheckBrowser` middleware ensuring that the browser supports CSP.
- Validate `host` in mail Fetching and Sending settings (Security)
- Send emails to all recipients when forwarding to multiple recipients (#5322)
- Escape values in `Helper::linkify()` (Security)
Changed
- Check attachment name in the URL when downloading attachments.