Release Notes/1.1.9

From Davical
< Release Notes
Revision as of 01:19, 4 December 2019 by Fenton (talk | contribs) (Release notes for version 1.1.9)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search
(released 2019-12-03)

This release fixes several important security issues and should be installed by all installations. It also includes miscellaneous other changes received during 2019.

Prerequisites for Upgrade

Upgrades of Other Software

  • AWL 0.60 is recommended for use with this version (as with version 1.1.8)

Changes

Bug Fixes

  • Corrects reflected cross-site scripting (XSS) vulnerability
  • Corrects persistent XSS vulnerability in user/group/resource details
  • Corrects persistent XSS vulnerability in user/group/resource list
  • Adds token to address cross-site request forgery (CSRF) vulnerability
  • Corrects syntax error in name of collection_id
  • Make calquery aware of default timezone
  • Corrections to range-based calendar queries
  • Add missing 'break' to rrule.php

Other Changes

  • Updated PHP version requirement

Downloading DAViCal

DAViCal 1.1.9: https://www.davical.org/downloads/davical_1.1.9.orig.tar.xz

AWL 0.60: https://www.davical.org/downloads/awl_0.60.orig.tar.xz

See Downloading

Known Issues

Subsequently Fixed in Git

  • None

Outstanding

  • None known.