SOGo v2.4.2 released
April 4, 2022

The Inverse team is pleased to announce the immediate availability of SOGo v2.4.2. This is a minor release of SOGo which focuses on various enhancements and improved stability over previous versions.

Bug Fixes

  • calendar(dav): add DAV:status to DAV:response only when deleted (9bffee2), closes #5163
  • calendar(dav): add method attribute to content-type of iTIP reply (3e96d68), closes #5320
  • core: add security flags to cookies (HttpOnly, secure) (0f3d7dc), closes #4525
  • core: fix GCC 10 compatibility (dc4fdb2), closes #5029
  • core: only escape “%” with the SQL LIKE operator (2389e44)
  • eas: gcc v10 compat fixes (fixes #5029) (3d2e5ad)
  • mail(css): restrict the viewport of the message body viewer (e528096)
  • mail(html): ban “javascript:” prefix in href, action and formaction (dd7dd49)
  • mail(js): ban all “on*” events attributes from HTML tags (f38eded)
  • mail: don’t allow XML inline attachments (3c85dbd)

See the complete change log.

Back to 2022