Fixed
- Check file paths in Zipper before extracting files (Security)
- Add
csrf_tokento OAuth Disconnect link (Security) - Sanitize
$attachments_to_removewhen deleting attachments (Security) - Check permissions when setting
chat_start_newfor a mailbox (Security) - Check permissions for assigned-only users when editing drafts (Security)
- Check permissions when assigned-only user is editing customer message (Security)
- Fixed
compact() - Undefined variable operator(#5308) - For assigned-only users show only assigned conversations in the Search (Security)
- Make conversation Unassigned when moving it if its assignee does not have access to the target mailbox (#5333)
- Fix error on creating a user (#5337)
- Fixed 403 error in open tracking pixel (#5334)
- Fixed saving Sending and Fetching passwords (#5339)