Releases: horde/Core
Release list
3.2.0
fix(core): address review - inject logger and stop folder loss on hard IMAP errors
fix(core): stop ActiveSync log spam and folder loss on IMAP outage
feat(core): reconnect IMAP for ActiveSync mail via mail API
fix(prefs): guard config-file storage against null $registry global
i18n(perms): update de translations for negative-permissions admin UI
feat(perms): add negative-permissions admin UI with tri-state controls
fix(service): decouple group and permission factories from legacy $conf globals
feat(config): expose RegistryConfigCompiler through injector factory
feat(config): compile registry to a single artifact with vhost slots and load it via a short-circuit
3.1.0
fix(core): bind owning app gettext domain and cover modern topbar builder
fix(core): resolve topbar/prefs app names with dgettext against owning app's domain
feat(core): throttle ActiveSync auth and harden user resolution
Merge pull request #188 from horde/fix/hasperm-show-skip-transparent-auth
test(registry): add hasPermission and listApps auth unit tests
perf(registry): skip transparent auth for SHOW checks and menu enumeration
fix: Some apps didn't show their preferences due to caching order
Use firstDescendant() to avoid an extra wrapper node
Resolve id strings before wrapping as HTML
Fix RedBox.showHtml() with HTML string content
3.0.1
3.0.0
style: php-cs-fixer
Rework: theme declares which apps it covers (per-app fallback opt-out)
Address review: guard theme name against path traversal, short-circuit checks
Let a theme opt out of the default-theme CSS fallback
fix(ajax): rotate CSRF token on every successful AJAX response (horde/base#99)
feat(session): HKDF per-session key with three-state key_format
fix(core): emit raw URLs in JS and JSON configuration
fix(smartmobile): align portal link with modern URL-escaping convention
refactor(Core): unwire deprecated HashTable wrapper from Cache factory
fix: prevent double HTML encoding of logout URL in smartmobile header
feat(core): add SessionApiMetaRenderer and wire it into Horde_PageOutput
feat(core): add SessionLifetimeMiddleware touching _last_seen and emitting telemetry headers
feat(core): add CsrfRotationMiddleware emitting X-Csrf-Token
feat(core): JwtSessionLoader handles Authorization: Bearer alongside cookie
feat(core): add NoopController for middleware-driven routes
fix: Don't cache outdated/changed prefs in session
fix(core): keep encrypted session slots readable across key drift (imp #66)
3.0.0-RC11
refactor: Move Horde_Exception_AuthenticationFailure to Horde/Exception
feat(core): resolve ActiveSync task series master for instance updates
feat(core): resolve ActiveSync task series master for instance updates
3.0.0-RC10
fix: Ensure absolute URLs from registry are used correctly in withAppWebroot & friends
fix(core): popup CSRF without SID in URL query
fix(core): add CSRF token to HordePopup.popup at click time
fix(core): honor FILTERTYPE_INCOMPLETETASKS in task sync
fix(core): honor FILTERTYPE_INCOMPLETETASKS in task sync
feat(core): pass ActiveSync sync config to driver
feat(core): pass ActiveSync sync config to driver
Merge pull request #168 from horde/feat/polish_EAS16.1
Potential fix for pull request finding
Merge pull request #169 from horde/fix/portal-layout-csrf-token
refactor(core): inject session for portal layout CSRF check
Add meeting response proposal tests
fix(core): validate portal layout CSRF with session checkToken
Implement attendee counter-proposal storage
Merge pull request #167 from horde/fix/redbox-autocompleter-dialog-reopen
Delete doc/pr directory
fix(core): harden RedBox and autocompleter dialog DOM handling
fix(activesync): honor per-user EAS 16.1 permission in versionCallback
feat(core): add EAS 16.1 meeting proposal handling in MeetingResponse
fix(session): guard session_destroy() when no active PHP session
Merge pull request #164 from horde/fix/map_OSM
Update js/map/osm.js
Update js/map/ocm.js
Update js/map/owm.js
Merge pull request #163 from horde/feat/finish_EAS16.0
fix(maps): allow OSM tile Referer and use HTTPS tile URLs
feat(activesync): EAS 16.0 draft sync and calendar initial-sync in core driver
refactor: shrink base factory class to accept "Injector" (of which Horde_Injector is a duck type)
3.0.0-RC9
fix(core): improve MeetingResponse for EAS 16 LongId and recurring instances
Merge pull request #156 from horde/docs/session-handling-shutdown-marker
test(session): exercise deadline-elapsed rotation end-to-end
feat(session): add HordeSession::clearScope and clearScopeWithPrefixes
docs(session): document load failure modes and ATTRIBUTE_SESSION constant
docs(session): note shutdown-skips-mirror on isDestroyed
fix(session): SessionLifecycle::shutdown skips mirror when destroyed
docs(session): address PR #155 review comments
test(jwt): clean up deprecations and notices in migrated tests
test(session): lock HordeSessionMiddleware Set-Cookie wire format
refactor(session): centralise regeneration-deadline math on SessionConfig
refactor(session): drop relogin guard from Horde_Session shim
fix(session): converge _r regenerate-deadline shape across all writers
docs(session): fill in SESSION_HANDLING for app developers and LLMs
fix(session): converge _b begin-slot shape across all writers
feat(session): make SessionLifecycle::setup idempotent
feat(session): add cookieDisabled mode to SessionConfig
refactor(registry): clearAuth resolves SessionLifecycle via injector
test(jwt): migrate JwtService, JwtServiceFactory, JwtAuthMiddleware tests from base
refactor(jwt): drop base JwtService binding from DefaultInjectorBindings
fix(registry): clearAuth removes literal 'auth' instead of auth/ keys
Merge pull request #152 from horde/fix/EAS16_draft_mail
fix(activesync): parse MIME draft bodies and replace drafts on Change
fixup! fix(session): type SessionLifecycle secret against an interface
feat(session): wire DefaultSessionSerializer in SessionHandlerFactory
fix(session): type SessionLifecycle secret against an interface
fix(config): autowire State outside HordeCore bootstrap
fix(jwt): wire JwtService autowiring for modern routes
feat(middleware): add HordeSessionMiddleware for modern PSR-15 routes
refactor(session): SessionLifecycle consumes SessionConfig instead of State
fixup! feat(session): add SessionConfig value object built by SessionConfigFactory
feat(middleware): add JwtSessionLoader for modern PSR-15 routes
feat(auth): add HasCredentialsState/InvalidationReason on AuthCredentialStore
feat(session): add SessionConfig value object built by SessionConfigFactory
refactor(session): make Horde_Session shim delegate to SessionLifecycle
feat(session): add processFlags() engine on SessionLifecycle
refactor(session): make SessionLifecycle Registry-agnostic
feat: Move the ShareBase factory to a Horde_Shutdown task
fix(activesync): map MeetingResponse InstanceId to RECURRENCE-ID
refactor(logintasks): Run LoginTasks through Horde_Shutdown rather than php's register_shutdown
feat: Add an "ultimate" slot for the Horde_Session shim
fix(core): use ActiveSync user identity for meeting iTip reply
fix: Mirror the guard against not-yet-started sessions from the shim9
feat: Add lifecycle flags to HordeSession to indicate scheduled regeneration and marking a session as destroyed
feat(session): Improve upon previous #144 fix
fix(session): harden login bootstrap and credential reads
feat: Add a SessionLifecycle utility
3.0.0-RC8
refactor(registry): Port Registry data and token sites off shim
refactor(block): Port Block_Layout_Manager CSRF check to Horde\Token\Token
refactor(auth): Port Auth_Application view-init check to HordeSession
refactor(registry): Port Registry_Application::updateSessVars to HordeSession
refactor(prefs): Port Factory_Prefs no_prefs flag to HordeSession
refactor(config): Port Horde_Config session fallback to HordeSession
refactor(logintasks): Port LoginTasks to HordeSession
refactor(logintasks): Port LoginTasks_Backend_Horde to HordeSession
refactor(token): Resolve session via HordeSession in legacy create()
refactor: Explicitly flush the HordeSession to the backend on request shutdown.
refactor: Get the AuthCredentialStore encryptor via injector
refactor(auth): Introduce AuthCredentialStore; Registry delegates
refactor(session): Adopt Horde_Pack natively in HordeSession
feat(core): wire EAS 16.0 Find command to IMP search backend
test(assets): Tighten PrefsThemeResolver and CascadeGraphic mocks
test(factory): Remove Kolab Session and Server placeholder tests
test(mocks): Tighten expectations across four notice-heavy files
test(page-output): Tighten ResponsiveChromeRendererTest mock expectations
test(active-sync): Tighten driver-mock expectations across two files
test(coverage): Upgrade CoversNothing to CoversClass/CoversMethod
test(topbar): Tighten TopbarBuilder mock expectations
test(page-output): Tighten DesktopChromeRendererTest mock expectations
refactor(horde): Port src/Horde.php gc_tempfiles to HordeSession
refactor(registry): Port Horde_Registry_Nlsconfig to HordeSession
refactor(registry): Port Horde_Registry_Logout to HordeSession
refactor(ui): Port Horde_Core_Ui_Language to HordeSession
refactor(tree): Port Horde_Core_Tree_Renderer_Javascript to HordeSession
refactor(prefs): Port Horde_Core_Prefs_Ui to HordeSession
refactor(prefs): Port Horde_Core_Prefs_Cache_Session to HordeSession
refactor(share): Port Horde_Core_Factory_ShareBase to HordeSession
refactor(alarm): Port Horde_Core_Factory_Alarm to HordeSession
refactor(tagbrowser): Port Horde_Core_TagBrowser to HordeSession
refactor(notification): Port Horde_Core_Notification_Handler to HordeSession
test(sidebar): Tighten SidebarBuilderTest mock expectations
test(page-output): Tighten ViewModeConfiguratorTest mock expectations
test(active-sync): Tighten DriverVersionCallbackTest mock expectations
test(page-output): Tighten RenderingModeResolverTest mock expectations
test(factory): Tighten SessionHandlerFactoryTest mock expectations
test(config): Surface deprecation, notice, error, warning details
test(integration): Update RampageIntegrationTest to current router shape
refactor(notification): Port Horde_Core_Notification_Storage_Session to HordeSession
refactor(hashtable): Port Horde_Core_HashTable_PersistentSession to HordeSession
refactor(cache): Port Horde_Core_Cache_Session to HordeSession
refactor(ajax): Use Horde\Token\Token for the AJAX request token check
refactor(pageoutput): Use Horde\Token\Token for the JS-exposed CSRF token
refactor(middleware): Port ConditionalCsrfMiddleware to Horde\Token\Token
refactor(middleware): Port DemandSessionToken to Horde\Token\Token
refactor(session/csrf): Move the constant for the CSRF seed string from Horde_Session to HordeSession
refactor(sessions): Simplify registry bootstrap of sessions
chore(metadata): Drop kolab dev-dependencies and add horde/form.
test: Fix various tests outdated by refactorings
feat: Make StrftimeDetector signature support what the phpdoc comments hint at
refactor(session): reshape Horde_Session as shim over modern PSR-4 stack
refactor(Core): use sha1(session_id()) instead of getToken() as session cache prefix
fix(Core): correct SessionStorageBackend namespace in SessionHandlerFactory
feat(Core): TokenServiceFactory exposes named secret-source methods
refactor(Core): deprecate legacy HashTable factory and Wrapper
refactor(Core): Cache factory prefers modern Horde\HashTable when available
feat(Core): prefer ModernHashtableBackend in SessionHandlerFactory
3.0.0-RC7
3.0.0-RC6
fix(security): restrict unserialize allowed_classes (ZDI-20-1051)
feat: Amend jcdelepine's previous patch for the very odd chance somebody does HTTPS on 80 or HTTP on 443
feat(hashtable): delegate Redis client creation to HashTable package
fix: Strip default port from Url
Merge pull request #126 from horde/fix/notes_deletion
Modify notes_delete to include notepad parameter
Refactor notes deletion to handle exceptions individually
Merge pull request #124 from horde/fix/misc
Refactor SimpleFormatter initialization in LogHandlerFactory
Handle missing config values in prefs loading
Check for flags before modifying results array