2.3.9
Security:
- Fixed XSS problem with theme names (high)
- Added CSRF check for editing password and company/role (medium)
- Secure flag is set to On for cookies when activeCollab uses HTTPS (medium)
- Login form does not re-print user password after failed authentication (medium)
Thanks to Nokia and Nixu.com for the reports
Enhancements:
- Options menu can be toggled on click (was toggled on hover only)
Bug Fixes:
- Quick-fix for issue in TinyMCE when using backspace/delete in first item in an list
