- Scenarios `subscribe.*` and `unsubscribe.*`: Now authentication by target user is required when anonymous/other user requested these actions [\#390](https://github.com/sympa-community/sympa/pull/390). Previously, if "open" scenario was used, an anonymous user on web interface could add subscriber without confirmation.
- Scenarios:`subscribe.*` and `unsubscribe.*` were modified. Now authentication by target user is required when an anonymous/other user requested these actions [\#390](https://github.com/sympa-community/sympa/pull/390). Previously, if "open" scenario was used, an anonymous user on web interface could add subscriber without confirmation.
- WWSympa: Home-made color picker in CSS configuration page was replaced with external plugin [jQuery MiniColors](https://labs.abeautifulsite.net/jquery-minicolors/)[\#369](https://github.com/sympa-community/sympa/pull/369).
- WWSympa: `referer` and `failure_refarer` parameters fed to login form (see [documentation](https://sympa-community.github.io/manual/customize/authentication-web.html#sharing-wwsympas-authentication-with-other-applications) for details) are limited within scope of `cookie_domain` to prevent XSS / open redirect [\#268](https://github.com/sympa-community/sympa/issues/268).
- Default value of `--with-lockdir` option for `configure` script became `/var/lock/subsys` not according to `localstatedir`[\#403](https://github.com/sympa-community/sympa/pull/403).
- Some Systemd unit files generated by source package were renamed: `wwsympa.service` and `sympasoap.service`[\#406](https://github.com/sympa-community/sympa/pull/406).
- WWSympa: `referer` and `failure_referer` parameters fed to login form (see [documentation](https://sympa-community.github.io/manual/customize/authentication-web.html#sharing-wwsympas-authentication-with-other-applications) for details) are limited within scope of `cookie_domain` parameter value to prevent XSS / open redirect [\#268](https://github.com/sympa-community/sympa/issues/268).
- WWSympa: HTMLArea is no longer supported [\#416](https://github.com/sympa-community/sympa/pull/416).
- Configure script: Default value of `--with-lockdir` option became `/var/lock/subsys` not according to `localstatedir`[\#403](https://github.com/sympa-community/sympa/pull/403).
- Systemd support: Some unit files generated by source package were renamed: `wwsympa.service` and `sympasoap.service`[\#406](https://github.com/sympa-community/sympa/pull/406).
- Database: Sybase (Adaptive Server Enterprise) is no longer supported [\#147](https://github.com/sympa-community/sympa/issues/147). It is reported that none uses it.
- Domain without available wwsympa\_url parameter should deny web access [\#405](https://github.com/sympa-community/sympa/pull/405)([ikedas](https://github.com/ikedas))
- Domain without available `wwsympa_url` parameter should deny web access [\#405](https://github.com/sympa-community/sympa/pull/405)([ikedas](https://github.com/ikedas))
- Let the default of `--with-lockdir` be `/var/lock/subsys` always [\#403](https://github.com/sympa-community/sympa/pull/403)([ikedas](https://github.com/ikedas))
**Fixed bugs:**
...
...
@@ -31,8 +33,13 @@
**Closed issues:**
- create_db.Sybase still useful ? [\#147](https://github.com/sympa-community/sympa/issues/147)
- Issues with sending mails using special French characters [\#178](https://github.com/sympa-community/sympa/issues/178)
**Merged pull requests:**
- Drop support for htmlArea [\#416](https://github.com/sympa-community/sympa/pull/416)([ikedas](https://github.com/ikedas))