Release Notes/1.1.9.1

This release fixes several important security issues and should be installed by all installations. It also includes miscellaneous other changes received during 2019.

This version includes a correction to version 1.1.9 to add a function that had gone missing from htdocs/always.php

Upgrades of Other Software

 * AWL 0.60 is recommended for use with this version (as with version 1.1.8)

Bug Fixes

 * Corrects reflected cross-site scripting (XSS) vulnerability
 * Corrects persistent XSS vulnerability in user/group/resource details
 * Corrects persistent XSS vulnerability in user/group/resource list
 * Adds token to address cross-site request forgery (CSRF) vulnerability
 * Corrects syntax error in name of collection_id
 * Make calquery aware of default timezone
 * Corrections to range-based calendar queries
 * Add missing 'break' to rrule.php

Other Changes

 * Updated PHP version requirement

Downloading DAViCal
DAViCal 1.1.9.1: https://www.davical.org/downloads/davical_1.1.9.1.orig.tar.xz

AWL 0.60: https://www.davical.org/downloads/awl_0.60.orig.tar.xz

See Downloading

Subsequently Fixed in Git

 * None

Outstanding

 * None known.