Release Notes/1.1.9.1

From Davical
Jump to navigationJump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Template:ReleasedTemplate:TOCright

This release fixes several important security issues and should be installed by all installations. It also includes miscellaneous other changes received during 2019.

This version includes a correction to version 1.1.9 to add a function that had gone missing from htdocs/always.php

Prerequisites for Upgrade

Upgrades of Other Software

  • AWL 0.60 is recommended for use with this version (as with version 1.1.8)

Changes

Bug Fixes

  • Corrects reflected cross-site scripting (XSS) vulnerability
  • Corrects persistent XSS vulnerability in user/group/resource details
  • Corrects persistent XSS vulnerability in user/group/resource list
  • Adds token to address cross-site request forgery (CSRF) vulnerability
  • Corrects syntax error in name of collection_id
  • Make calquery aware of default timezone
  • Corrections to range-based calendar queries
  • Add missing 'break' to rrule.php

Other Changes

  • Updated PHP version requirement

Downloading DAViCal

DAViCal 1.1.9.1: https://www.davical.org/downloads/davical_1.1.9.1.orig.tar.xz

AWL 0.60: https://www.davical.org/downloads/awl_0.60.orig.tar.xz

See Downloading

Known Issues

Subsequently Fixed in Git

  • None

Outstanding

  • None known.
Retrieved from "https://wiki.davical.org/index.php?title=Release_Notes/1.1.9.1&oldid=3796"