Security release
No
- Updated version strings
- Whitelisted redirect destinations in Form::redirect
- Whitelisted destinations in bin/mozilla/am.pl
- Limited logout redirect destinations
- Whitelisted directories and file extensions used by the template editor
- Converted the template editor to using 3-arg open
- Limited configurable preferences in save_preferences
- Moved (error|info)_function strings from $form into environment variables
- Converted opens of $form->{IN} to 3-arg open in form printing
- User config items are now truncated at first newline when saving
- Converted username check in config load from regex to string comparison
- Added directory traversal check to username used in $USER.conf generation
Release