Resolved Bugs
1241056 – CVE-2015-5381 CVE-2015-5382 CVE-2015-5383 roundcubemail: vulnerabilities fixed in 1.1.2 and 1.0.6
1241058 – CVE-2015-5383 CVE-2015-5382 CVE-2015-5381 roundcubemail: vulnerabilities fixed in 1.1.2 and 1.0.6 [epel-all]<br
**Release 1.1.2**
* Add new plugin hook ‘identity_create_after’ providing the ID of the inserted identity (#1490358)
* Add option to place signature at bottom of the quoted text even in top-posting mode [sig_below]
* Fix handling of %-encoded entities in mailto: URLs (#1490346)
* Fix zipped messages downloads after selecting all messages in a folder (#1490339)
* Fix vpopmaild driver of password plugin
* Fix PHP warning: Non-static method PEAR::setErrorHandling() should not be called statically (#1490343)
* Fix tables listing routine on mysql and postgres so it skips system or other database tables and views (#1490337)
* Fix message list header in classic skin on window resize in Internet Explorer (#1490213)
* Fix so text/calendar parts are listed as attachments even if not marked as such (#1490325)
* Fix lack of signature separator for plain text signatures in html mode (#1490352)
* Fix font artifact in Google Chrome on Windows (#1490353)
* Fix bug where forced extwin page reload could exit from the extwin mode (#1490350)
* Fix bug where some unrelated attachments in multipart/related message were not listed (#1490355)
* Fix mouseup event handling when dragging a list record (#1490359)
* Fix bug where preview_pane setting wasn’t always saved into user preferences (#1490362)
* Fix bug where messages count was not updated after message move/delete with skip_deleted=false (#1490372)
* Fix security issue in contact photo handling (#1490379)
* Fix possible memcache/apc cache data consistency issues (#1490390)
* Fix bug where imap_conn_options were ignored in IMAP connection test (#1490392)
* Fix bug where some files could have “executable” extension when stored in temp folder (#1490377)
* Fix attached file path unsetting in database_attachments plugin (#1490393)
* Fix issues when using moduserprefs.sh without –user argument (#1490399)
* Fix potential info disclosure issue by protecting directory access (#1490378)
* Fix blank image in html_signature when saving identity changes (#1490412)
* Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402)
* Fix XSS vulnerability in _mbox argument handling (#1490417)