/*****************************************************************
 * Release Notes: SquirrelMail 1.5.2                             *
 * The "" Release                                                *
 * 2006-xx-xx                                                    *
 *****************************************************************/

WARNING. If you can read this, then you are reading a file from CVS and not
the final release notes.


In this edition of SquirrelMail Release Notes:
* All About This Release!
* Major Updates
* Security Updates
* Plugin Updates
* Possible Issues
* Backwards Incompatible Changes
* Data Directory Changes
* Reporting Your Favorite SquirrelMail Bug


All About This Release!
=======================
This is the second release of our new 1.5.x-series, which is a
DEVELOPMENT release.

See the Major Updates section of this file for more information.


Major Updates
=============
Rewritten IMAP functions and optimized IMAP data caching code. Internal
sorting functions should be faster than code used in SquirrelMail <= 1.5.0.
Together with the optimized caching code, all the logic concerning sorting has
been rewritten so that SquirrelMail can display more columns with sort support
in the messages list, e.g. the From and To columns in the same view, sorted on
size. Also, the number of IMAP calls is reduced by smarter caching in the IMAP
mailbox area and by the optimized header and sort cache code. Reducing the
number of IMAP calls will lower the load on your IMAP server and increase
SquirrelMail performance.

In-house gettext implementation replaced with PHP Gettext classes. The update
adds ngettext and dgettext support.

Began work on separating the SquirrelMail internal logic from user interface
related logic. This has resulted in the first (very) rough CSS-based PHP
templates. In future releases we will finish the mentioned separation and work
on simpler templates.

Added JavaScript-based message row highlighting code (disabled by default) for
faster selection of messages in the messages list.

Usage of a centralized error handler. Development will continue in 1.5.2.

SquirrelMail has started using internal cookie functions in order to have more
control over cookie format. Cookies set with the sqsetcookie() function now use
an extra parameter (HttpOnly) to secure cookie information by making the cookie
inaccessible to scripts (particularly JavaScript). This feature is only
supported in browsers that follow the MSDN cookie specifications (see
http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp).
Currently this is limited to IE6 >= SP1.
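
The HttpOnly attribute described above, shown as an added example that is not
SquirrelMail's sqsetcookie() code: example_cookie_header() is a hypothetical
helper that builds the Set-Cookie header by hand, and the cookie name, value
and path are constructed sample values.

```php
<?php
// Added example: NOT SquirrelMail's sqsetcookie(). example_cookie_header() is
// a hypothetical helper that builds a Set-Cookie header carrying HttpOnly.

function example_cookie_header($name, $value, $expires = 0, $path = '/',
                               $domain = '', $secure = false, $httponly = true)
{
    // The name is emitted raw, so reject separators and control characters
    // that could split the header or start a second attribute.
    if ($name === '' || preg_match('/[\x00-\x20\x7f=,;]/', $name)) {
        throw new InvalidArgumentException('invalid cookie name');
    }
    foreach (array($path, $domain) as $attr) {
        if (preg_match('/[\x00-\x1f\x7f;]/', $attr)) {
            throw new InvalidArgumentException('invalid cookie attribute');
        }
    }

    // rawurlencode() leaves no ';', ',', space, CR or LF in the value.
    $header = 'Set-Cookie: ' . $name . '=' . rawurlencode($value);
    if ($expires > 0) {
        $header .= '; expires=' . gmdate('D, d-M-Y H:i:s', $expires) . ' GMT';
    }
    if ($path !== '')   { $header .= '; path=' . $path; }
    if ($domain !== '') { $header .= '; domain=' . $domain; }
    if ($secure)        { $header .= '; secure'; }
    // HttpOnly asks the browser to keep the cookie out of document.cookie;
    // browsers that do not know the attribute ignore it.
    if ($httponly)      { $header .= '; HttpOnly'; }
    return $header;
}

// Constructed sample values; the ';' and '=' in the value get percent-encoded.
$line = example_cookie_header('examplesid', 'abc123;x=y', 0, '/webmail/', '', true);

if (PHP_SAPI === 'cli') {
    echo $line, "\n";
} elseif (!headers_sent()) {
    // false = add this header without replacing earlier Set-Cookie headers.
    header($line, false);
}
```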

SquirrelMail IMAP and SMTP libraries now support use of the STARTTLS extension.
The code is experimental and requires PHP 5.1.0 or newer with
stream_socket_enable_crypto() function support enabled.

Updated wrapping functions in compose. New wrapping code improves quoting
of text chapters. Thanks to Justus Pendleton.

Added code for advanced searching in messages. Now it's possible to switch
between normal search and advanced search.

Main SquirrelMail code implements view_as_html and folder_settings plugin
features. These plugins should not be used in SquirrelMail 1.5.1.


Security Updates
================
This release contains security fixes applied to the development branch after
the 1.5.0 release:
  CVE-2004-0521 - SQL injection vulnerability in address book.
  CVE-2004-1036 - XSS exploit in decodeHeader function.
  CVE-2005-0075 - Potential file inclusion in preference backend selection code.
  CVE-2005-0103 - Possible file/offsite inclusion in src/webmail.php.
  CVE-2005-0104 - Possible XSS issues in src/webmail.php.
  CVE-2005-1769 - Several cross site scripting (XSS) attacks.
  CVE-2005-2095 - Extraction of all POST variables in advanced identity code.
  CVE-2006-0188 - Possible XSS through right_frame parameter in webmail.php.
  CVE-2006-0195 - Possible XSS in MagicHTML, IE only.
  CVE-2006-0377 - IMAP injection in sqimap_mailbox_select mailbox parameter.

If you use SquirrelMail 1.5.0, you should upgrade to 1.5.1 or downgrade to the
latest stable SquirrelMail version.


Plugin Updates
==============
Added site configuration options for the filters, fortune, translate, newmail
and bug_report plugins. Improved the newmail and change_password plugins. Fixed
data corruption issues in the calendar plugin.

The SquirrelSpell plugin was updated to use generic SquirrelMail preference
functions. User preferences and personal dictionaries that were stored in
.words files are moved to .pref files or another configured user data storage
backend.


Possible Issues
===============
Internal SquirrelMail cookie implementation is experimental. If you have cookie
expiration or corruption issues and can reproduce them only in version 1.5.1,
contact one of the SquirrelMail developers and help them debug the issue.

SquirrelMail 1.5.1 changed some functions and hooks. The login_form hook
requires a different coding style. The html_top, html_bottom and internal_link
hooks have been removed. The src/move_messages.php code has been moved to the
main mailbox listing script. Some hooks may be broken after implementation of
templates, especially in mailbox listing pages. The soupNazi() function has
been replaced with the checkForJavascript() function. The
sqimap_messages_delete(), sqimap_messages_copy(), sqimap_messages_flag() and
sqimap_get_small_header() functions are now obsolete. Some IMAP functions
return data in a different format. If plugins depend on changed or removed
functions, they will break in this version of SquirrelMail.

This SquirrelMail version added HTTP headers that prevent caching of pages by
proxies. The headers are added in the SquirrelMail displayHtmlHeader()
function. This change requires that HTML output is not started before
displayHtmlHeader() is called. If some code starts output earlier, PHP errors
will be displayed. If plugins display notices in the options_save hook and
don't stop script execution on error, page display will be broken.

SquirrelMail 1.5.1 implemented code that unregisters globals in PHP
register_globals=on setups. Plugins that load main SquirrelMail functions and
depend on PHP register_globals=on will be broken.

IMAP sorting/threading
By default, SquirrelMail will make use of the capabilities provided by the IMAP
server. This means that if the IMAP server supports SORT and THREAD sorting then
SquirrelMail makes use of it. Some broken IMAP servers advertise the SORT and
THREAD capabilities although they do not support them. For those IMAP servers
there is a config option to disable the use of SORT and THREAD sort.

Backward Incompatible Changes
=============================
Index order options are modified in version 1.5.1. If older options are
detected, the interface upgrades to the newer option format and deletes the
old options.

In version 1.5.1, SquirrelSpell user dictionaries are saved with generic
SquirrelMail data functions. SquirrelSpell should copy older dictionaries
if dictionary version information is not present in user preferences. Once
the dictionary is copied, <username>.words files are obsolete and no longer
updated.

If the same data directory is used with other backwards incompatible versions,
the older SquirrelMail version may lose some user preferences or work with
outdated data. Admins are advised to use a separate data directory for the
1.5.1 release. The data directory can be configured by running configure.

Data Directory
==============
The directory data/ is no longer included in our tarball. Since placing this
directory under a web-accessible directory is not very wise, we've decided to
not pack it anymore. Admins will need to create it. Please choose a location
that's safe (not web accessible), e.g. /var/squirrelmail/data.
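
One way to check the advice above before pointing SquirrelMail at a data
directory, as an added example that is not part of SquirrelMail: the function
names are hypothetical and the directory layout is constructed in a temporary
folder. It generalizes to several web roots (document root plus any aliased
directories).

```php
<?php
// Added example: hypothetical check, not part of SquirrelMail.

// True when $dir is $root itself or lies below it, after resolving symlinks.
function example_is_inside($dir, $root)
{
    $dir  = realpath($dir);
    $root = realpath($root);
    if ($dir === false || $root === false) {
        throw new RuntimeException('path does not exist');
    }
    // Compare with a trailing separator so that /srv/www-data is not
    // mistaken for something inside /srv/www.
    $dir  = rtrim($dir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($dir, $root, strlen($root)) === 0;
}

// Returns the web roots that would expose the data directory.
function example_exposing_roots($dataDir, array $webRoots)
{
    $hits = array();
    foreach ($webRoots as $root) {
        if (example_is_inside($dataDir, $root)) {
            $hits[] = $root;
        }
    }
    return $hits;
}

// Constructed layout: one data directory below the web root, one beside it.
$base = sys_get_temp_dir() . '/sm-example-' . getmypid();
mkdir($base . '/www/data', 0700, true);
mkdir($base . '/www-data', 0700, true);

foreach (array('/www/data', '/www-data') as $candidate) {
    $hits = example_exposing_roots($base . $candidate, array($base . '/www'));
    echo $candidate, ': ', $hits ? 'inside a web root, choose another location' : 'ok', "\n";
}

// Remove the constructed directories again.
rmdir($base . '/www/data');
rmdir($base . '/www');
rmdir($base . '/www-data');
rmdir($base);
```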

Reporting Your Favorite SquirrelMail Bug
========================================
We constantly aim to make SquirrelMail even better, so we need you to submit
any bugs you come across! Also, please mention that the bug is in this release
(version 1.5.1), and list your IMAP server and web server details. Bugs can be
submitted at:

  http://www.squirrelmail.org/bugs

Thanks for your cooperation with this. This helps ensure that nothing slips
through the cracks. Also, please search the bug database for existing items
before submitting a new bug. This will help to eliminate duplicate reports and
increase the time we can spend FIXING existing bugs by DECREASING the time we
spend sorting through bug reports. Remember to check for CLOSED bug reports
also, not just OPEN bug reports, in case a bug you want to report may have been
recently fixed in CVS.

If you want to join us in coding SquirrelMail, or have other things to share
with the developers, join the development mailing list:

  squirrelmail-devel@lists.sourceforge.net


About Our Release Alias
=======================
This release is labeled the "Fire in the Hole" release. "Fire in the Hole" is
a phrase used to warn of the detonation of an explosive device. The phrase may
have been originated by miners, who made extensive use of explosives while
working underground.

This release has been created to get a fixed package after more than two years
of development in the CVS HEAD branch. This package contains many experimental
changes. These changes add new features that can/will be unstable and/or
create an inconsistent UI. If you want to use stable code, you should stick to
the 1.4.x series of SquirrelMail. If you find issues in this package, make
sure that they are still present in the latest development code snapshots. To
obtain the latest development snapshot, see

  http://www.squirrelmail.org/download.php#snapshot

Happy SquirrelMailing!
- The SquirrelMail Project Team