2.2.0
This release includes fixes to several serious vulnerabilities including:
CVE-2018-18886. This fixes a serious XSS vulnerability (Reported by @joanbono). This was fixed in the master branch several weeks ago, but if you are running a prior version, including 1.x releases, you should upgrade to 2.2.0
as soon as possible.
Upgrades Rails to 4.2.11. This includes a fix to a significant security vulnerability in ActiveJob.
Other improvements in this release include:
- Bring dependencies up to date
- Improved support for forwarded emails
- Accept emails from users who use a number in the first part of their email or configured email name
- Correctly handle emails with no subject
- Add support for IMAP email
- Prevent agents from accessing API
- Harden agents ability to edit administrators
- Rename Login to Sign in
- Allow new users when admin creating an internal note