815d9ba0 |
1 | /***************************************************************** |
f7cd8eb4 |
2 | * Release Notes: SquirrelMail 1.5.1 * |
3 | * The "Fire in the Hole" Release * |
4 | * 2006-02-19 * |
5 | *****************************************************************/ |
6 | |
5a614456 |
7 | WARNING. If you can read this, then you are reading file from 1.5.1cvs and not |
f7cd8eb4 |
8 | final release notes. |
9 | |
10 | |
815d9ba0 |
11 | |
a67a0f59 |
12 | In this edition of SquirrelMail Release Notes: |
ef1932a4 |
13 | * All about this Release! |
3eb34ffd |
14 | * Major updates |
f7cd8eb4 |
15 | * Security updates |
16 | * Plugin updates |
17 | * Possible issues |
18 | * Backwards incompatible changes |
19 | * Data directory changes |
20 | * Reporting my favorite SquirrelMail bug |
a67a0f59 |
21 | |
ef1932a4 |
22 | All about this Release! |
23 | ======================= |
815d9ba0 |
24 | |
5a614456 |
25 | This is the second release of our new 1.5.x-series, which is a |
26 | DEVELOPMENT release. |
f11c804f |
27 | |
bb91e60d |
28 | See the Major Updates section of this file for more. |
a23d0264 |
29 | |
ef1932a4 |
30 | |
3eb34ffd |
31 | Major updates |
32 | ============== |
5a614456 |
33 | Rewritten IMAP functions and added optimized imap data caching code. Internal |
34 | sorting functions should be faster than code used in SquirrelMail 1.5.0 and |
35 | older versions. Together with the optimized caching code all the logic |
36 | concerning sorting is rewritten in order to achieve that Squirrelmail can |
37 | display more columns with sort support in the messages list. I.e. the From and |
38 | To column in the same view sorted on size. |
39 | The amount of IMAP calls is reduced by smarter caching in the imap mailbox area |
40 | and the optimized header- and sort cache as described before. Reducing the |
41 | amount of IMAP calls will lower the load of your IMAP server and increase the |
42 | SquirrelMail performance. |
43 | |
44 | Own gettext implementation replaced with PHP Gettext classes. Update adds |
f7cd8eb4 |
45 | ngettext and dgettext support. |
46 | |
5a614456 |
47 | Initiation of separating the SquirrelMail internal logic from user interface |
48 | related logic which resulted in the first rough css based templates in php. In |
49 | future releases we finish the mentioned separation and work on simpler |
50 | templates. |
51 | |
52 | Added javascript based message row highlighting code (disabled by default) for |
53 | faster selection of messages in the messages list. |
54 | |
55 | Usage of a centralized error handler (moving process continues in 1.5.2). |
f7cd8eb4 |
56 | |
5a614456 |
57 | SquirrelMail started using internal cookie functions in order to have more |
53bbd9b3 |
58 | controls over cookie format. Cookies set with sqsetcookie() function use |
5a614456 |
59 | extra parameter (HttpOnly) that protects cookie information for javascript |
60 | access in browsers that follow MSDN cookie specifications (currently recent IE6 |
61 | versions). |
53bbd9b3 |
62 | |
63 | SquirrelMail IMAP and SMTP libraries updated to allow use of STARTTLS extension. |
5a614456 |
64 | The code is experimental and requires PHP 5.1.0 or newer with |
53bbd9b3 |
65 | stream_socket_enable_crypto() function support. |
f7cd8eb4 |
66 | |
67 | Updated wrapping functions in compose. |
68 | |
5a614456 |
69 | Added code for advanced searching in message. Now it's possible to switch |
70 | between normal search and advanced search. |
71 | |
f7cd8eb4 |
72 | |
73 | Security updates |
74 | ================ |
75 | |
5a614456 |
76 | This release contains security fixes applied to development branch after 1.5.0 |
53bbd9b3 |
77 | release: |
78 | CVE-2004-0521 - SQL injection vulnerability in address book. |
79 | CVE-2004-1036 - XSS exploit in decodeHeader function. |
80 | CVE-2005-0075 - Potential file inclusion in preference backend selection code. |
81 | CVE-2005-0103 - Possible file/offsite inclusion in src/webmail.php. |
82 | CVE-2005-0104 - Possible XSS issues in src/webmail.php. |
83 | CVE-2005-1769 - Several cross site scripting (XSS) attacks. |
84 | CVE-2005-2095 - Extraction of all POST variables in advanced identity code. |
dfce8fce |
85 | CVE-2006-0188 - Possible XSS through right_frame parameter in webmail.php. |
86 | CVE-2006-0195 - Possible XSS in MagicHTML, IE only. |
87 | CVE-2006-0377 - IMAP injection in sqimap_mailbox_select mailbox parameter. |
53bbd9b3 |
88 | |
89 | If you use SquirrelMail 1.5.0, you should upgrade to 1.5.1 or downgrade to latest |
90 | stable SquirrelMail version. |
f7cd8eb4 |
91 | |
92 | Plugin updates |
93 | ============== |
5a614456 |
94 | Added site configuration options to filters, fortune, translate, newmail, |
95 | bug_report plugins. Improved newmail and change_password plugins. Fixed data |
53bbd9b3 |
96 | corruption issues in calendar plugin. |
f7cd8eb4 |
97 | |
53bbd9b3 |
98 | SquirrelSpell plugin was updated to use generic SquirrelMail preference functions. |
5a614456 |
99 | User preferences and personal dictionaries that were stored in .words files are |
53bbd9b3 |
100 | moved to .pref files or other configured user data storage backend. |
f7cd8eb4 |
101 | |
102 | |
103 | Possible issues |
104 | =============== |
5a614456 |
105 | Internal SquirrelMail cookie implementation is experimental. If you have cookie |
106 | expiration or corruption issues with some browser and can reproduce them only in |
107 | 1.5.1 version, contact one of the SquirrelMail developers and help them to debug |
108 | your issue. |
53bbd9b3 |
109 | |
683963df |
110 | SquirrelMail 1.5.1 changed some functions and hooks. login_form hook requires |
111 | different coding style. html_top, html_bottom, internal_link hooks are removed. |
5a614456 |
112 | src/move_messages.php code moved to main mailbox listing script. Some hooks are |
113 | broken after implementation of templates in mailbox listing pages. soupNazi() |
114 | function is replaced with checkForJavascript() function. sqimap_messages_delete, |
115 | sqimap_messages_copy, sqimap_messages_flag and sqimap_get_small_header() |
683963df |
116 | functions are obsoleted. Some IMAP functions return data in different format. |
5a614456 |
117 | If plugins depend on changed or removed functions, they will break in this |
683963df |
118 | SquirrelMail version. |
119 | |
5a614456 |
120 | This SquirrelMail version implemented code that unregisters globals in PHP |
121 | register_globals=on setups. If some plugin loads main SquirrelMail functions |
683963df |
122 | and depends on PHP register_globals, it will be broken. |
53bbd9b3 |
123 | |
f7cd8eb4 |
124 | IMAP sorting/threading |
5a614456 |
125 | By default SquirrelMail will make use of the capabilities provided by the IMAP |
126 | server. This means that if the IMAP server supports SORT and THREAD sorting then |
127 | SquirrelMail makes use of it. Some broken IMAP servers advertise the SORT and |
128 | THREAD capabilities although they do not support it. For those IMAP servers |
129 | there is a config option to disable the use of SORT and THREAD sort. |
f7cd8eb4 |
130 | |
131 | Backward incompatible changes |
132 | ============================= |
5a614456 |
133 | Index order options are modified in 1.5.1 version. If older options are |
f7cd8eb4 |
134 | detected, interface upgrades to newer option format and deletes old options. |
3eb34ffd |
135 | |
5a614456 |
136 | In 1.5.1 version SquirrelSpell user dictionaries are saved with generic |
137 | SquirrelMail data functions. Code should copy older dictionary, if dictionary |
138 | version information is not present in user preferences. Once dictionary is |
f7cd8eb4 |
139 | copied, <username>.words files are obsolete and no longer updated. |
a23d0264 |
140 | |
5a614456 |
141 | If the same data directory is used with other backwards incompatible version, |
142 | the older SquirrelMail version can lose some user preferences or work with |
143 | outdated data. We advise to use separate data directory for the 1.5.1 release. |
144 | The data directory can be configured by running configure. |
145 | |
368ab966 |
146 | |
147 | Data directory |
148 | ============== |
149 | |
5a614456 |
150 | The directory data/ used to be included in our tarball. Since placing this dir |
f7cd8eb4 |
151 | under a web accessible directory is not very wise, we've decided to not pack it |
5a614456 |
152 | anymore; you need to create it yourself. Please choose a location that's safe, |
f7cd8eb4 |
153 | e.g. somewhere under /var. |
368ab966 |
154 | |
155 | |
f7cd8eb4 |
156 | Reporting my favorite SquirrelMail bug |
157 | ====================================== |
a23d0264 |
158 | |
5a614456 |
159 | We constantly aim to make SquirrelMail even better. So we need you to submit |
160 | any bug you come across! Also, please mention that the bug is in this 1.5.1 |
f7cd8eb4 |
161 | release, and list your IMAP server and webserver details. |
a67a0f59 |
162 | |
163 | http://www.squirrelmail.org/bugs |
164 | |
f7cd8eb4 |
165 | Thanks for your cooperation with this. That helps us to make sure nothing slips |
5a614456 |
166 | through the cracks. Also, it would help if people would check existing tracker |
167 | items for a bug before reporting it again. This would help to eliminate |
168 | duplicate reports, and increase the time we can spend CODING by DECREASING the |
169 | time we spend sorting through bug reports. And remember, check not only OPEN |
170 | bug reports, but also closed ones as a bug that you report MAY have been fixed |
f7cd8eb4 |
171 | in CVS already. |
a67a0f59 |
172 | |
5a614456 |
173 | If you want to join us in coding SquirrelMail, or have other things to share |
f7cd8eb4 |
174 | with the developers, join the development mailing list: |
a67a0f59 |
175 | |
a23d0264 |
176 | squirrelmail-devel@lists.sourceforge.net |
815d9ba0 |
177 | |
0ca033d5 |
178 | |
ef1932a4 |
179 | About Our Release Alias |
180 | ======================= |
181 | |
5a614456 |
182 | This release is labeled the "Fire in the Hole" release. "Fire in the hole" is |
183 | a phrase used to warn of the detonation of an explosive device. The phrase may |
184 | have been originated by miners, who made extensive use of explosives while |
f7cd8eb4 |
185 | working underground. |
186 | |
187 | Release is created in order to get fixed package after two years of development |
5a614456 |
188 | in HEAD branch. Package contains many experimental changes. Changes add new |
189 | features, that can be unstable and cause inconsistent UI. If you want to use |
190 | stable code, you should stick to SquirrelMail 1.4.x series. If you find issues |
191 | in this package, make sure that they are still present in latest development |
192 | code snapshots. |
ef1932a4 |
193 | |
815d9ba0 |
194 | Happy SquirrelMailing! |
195 | - The SquirrelMail Project Team |