---
- branch: MAIN
  date: Thu Dec 12 08:12:27 UTC 2019
  files:
  - new: '1.42'
    old: '1.41'
    path: pkgsrc/www/davical/Makefile
    pathrev: pkgsrc/www/davical/Makefile@1.42
    type: modified
  - new: '1.12'
    old: '1.11'
    path: pkgsrc/www/davical/PLIST
    pathrev: pkgsrc/www/davical/PLIST@1.12
    type: modified
  - new: '1.17'
    old: '1.16'
    path: pkgsrc/www/davical/distinfo
    pathrev: pkgsrc/www/davical/distinfo@1.17
    type: modified
  id: 20191212T081227Z.9182037617729313beba1a8321aaad93bf054e44
  log: |
    Update www/davical to v1.1.9.2

    From upstream's changelog:

    1.1.9.2:

    Bug Fixes

        Fix CSRF not being checked in collection-edit.php

    Other Changes

        use foreach() instead of deprecated each()

    1.1.9.1:

    Bug Fixes

        Corrects reflected cross-site scripting (XSS) vulnerability
        Corrects persistent XSS vulnerability in user/group/resource details
        Corrects persistent XSS vulnerability in user/group/resource list
        Adds token to address cross-site request forgery (CSRF) vulnerability
        Corrects syntax error in name of collection_id
        Make calquery aware of default timezone
        Corrections to range-based calendar queries
        Add missing 'break' to rrule.php

    Other Changes

        Updated PHP version requirement
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/www/davical'
  unixtime: '1576138347'
  user: hauke