SOGo v2.4.2 released

April 4, 2022

The Inverse team is pleased to announce the immediate availability of SOGo v2.4.2. This is a minor release of SOGo which focuses on various enhancements and improved stability over previous versions.

Bug Fixes

• calendar(dav): add DAV:status to DAV:response only when deleted (9bffee2), closes #5163
• calendar(dav): add method attribute to content-type of iTIP reply (3e96d68), closes #5320
• core: add security flags to cookies (HttpOnly, secure) (0f3d7dc), closes #4525
• core: fix GCC 10 compatibility (dc4fdb2), closes #5029
• core: only escape “%” with the SQL LIKE operator (2389e44)
• eas: gcc v10 compat fixes (fixes #5029) (3d2e5ad)
• mail(css): restrict the viewport of the message body viewer (e528096)
• mail(html): ban “javascript:” prefix in href, action and formaction (dd7dd49)
• mail(js): ban all “on*” events attributes from HTML tags (f38eded)
• mail: don’t allow XML inline attachments (3c85dbd)

See the complete change log.