815d9ba0 |
1 | /***************************************************************** |
f7cd8eb4 |
2 | * Release Notes: SquirrelMail 1.5.1 * |
3 | * The "Fire in the Hole" Release * |
4 | * 2006-02-19 * |
5 | *****************************************************************/ |
6 | |
7 | WARNING. If you can read this, then you are reading file from 1.5.1cvs and not |
8 | final release notes. |
9 | |
10 | |
815d9ba0 |
11 | |
a67a0f59 |
12 | In this edition of SquirrelMail Release Notes: |
ef1932a4 |
13 | * All about this Release! |
3eb34ffd |
14 | * Major updates |
f7cd8eb4 |
15 | * Security updates |
16 | * Plugin updates |
17 | * Possible issues |
18 | * Backwards incompatible changes |
19 | * Data directory changes |
20 | * Reporting my favorite SquirrelMail bug |
a67a0f59 |
21 | |
ef1932a4 |
22 | All about this Release! |
23 | ======================= |
815d9ba0 |
24 | |
f7cd8eb4 |
25 | This is the second release of our new 1.5.x-series, which is a |
bb91e60d |
26 | DEVELOPMENT release. |
f11c804f |
27 | |
bb91e60d |
28 | See the Major Updates section of this file for more. |
a23d0264 |
29 | |
ef1932a4 |
30 | |
3eb34ffd |
31 | Major updates |
32 | ============== |
f7cd8eb4 |
33 | Rewritten IMAP functions and added extra data caching code. Internal sorting |
34 | functions should be faster than code used in SquirrelMail 1.5.0 and older |
35 | versions. Data caching should reduce number of IMAP calls in folder management |
36 | and mailbox status functions. |
37 | |
38 | Own gettext implementation replaced with PHP Gettext classes. Update adds |
39 | ngettext and dgettext support. |
40 | |
41 | Templates, css and error handler. |
42 | |
53bbd9b3 |
43 | SquirrelMail started using internal cookie functions in order to have more |
44 | controls over cookie format. Cookies set with sqsetcookie() function use |
45 | extra parameter that secures cookie information in browsers that follow |
46 | MSDN cookie specifications. |
47 | |
48 | SquirrelMail IMAP and SMTP libraries updated to allow use of STARTTLS extension. |
49 | Code is experimental and requires PHP 5.1.0 or newer with |
50 | stream_socket_enable_crypto() function support. |
f7cd8eb4 |
51 | |
52 | Updated wrapping functions in compose. |
53 | |
54 | |
55 | Security updates |
56 | ================ |
57 | |
58 | This release contains security fixes applied to development branch after 1.5.0 |
53bbd9b3 |
59 | release: |
60 | CVE-2004-0521 - SQL injection vulnerability in address book. |
61 | CVE-2004-1036 - XSS exploit in decodeHeader function. |
62 | CVE-2005-0075 - Potential file inclusion in preference backend selection code. |
63 | CVE-2005-0103 - Possible file/offsite inclusion in src/webmail.php. |
64 | CVE-2005-0104 - Possible XSS issues in src/webmail.php. |
65 | CVE-2005-1769 - Several cross site scripting (XSS) attacks. |
66 | CVE-2005-2095 - Extraction of all POST variables in advanced identity code. |
dfce8fce |
67 | CVE-2006-0188 - Possible XSS through right_frame parameter in webmail.php. |
68 | CVE-2006-0195 - Possible XSS in MagicHTML, IE only. |
69 | CVE-2006-0377 - IMAP injection in sqimap_mailbox_select mailbox parameter. |
53bbd9b3 |
70 | |
71 | If you use SquirrelMail 1.5.0, you should upgrade to 1.5.1 or downgrade to latest |
72 | stable SquirrelMail version. |
f7cd8eb4 |
73 | |
74 | Plugin updates |
75 | ============== |
76 | Added site configuration options to filters, fortune, translate, newmail, |
53bbd9b3 |
77 | bug_report plugins. Improved newmail and change_password plugins. Fixed data |
78 | corruption issues in calendar plugin. |
f7cd8eb4 |
79 | |
53bbd9b3 |
80 | SquirrelSpell plugin was updated to use generic SquirrelMail preference functions. |
81 | User preferences and personal dictionaries that were stored in .words files are |
82 | moved to .pref files or other configured user data storage backend. |
f7cd8eb4 |
83 | |
84 | |
85 | Possible issues |
86 | =============== |
53bbd9b3 |
87 | Internal SquirrelMail cookie implementation is experimental. If you have cookie |
88 | expiration or corruption issues with some browser and can reproduce them only in |
89 | 1.5.1 version, contact SquirrelMail developers and help them to debug your issue. |
90 | |
683963df |
91 | SquirrelMail 1.5.1 changed some functions and hooks. login_form hook requires |
92 | different coding style. html_top, html_bottom, internal_link hooks are removed. |
93 | src/move_messages.php code moved to main mailbox listing script. Some hooks are |
94 | broken after implementation of templates in mailbox listing pages. soupNazi() |
95 | function is replaced with checkForJavascript() function. sqimap_messages_delete, |
96 | sqimap_messages_copy, sqimap_messages_flag and sqimap_get_small_header() |
97 | functions are obsoleted. Some IMAP functions return data in different format. |
98 | If plugins depend on changed or removed functions, they will break in this |
99 | SquirrelMail version. |
100 | |
101 | This SquirrelMail version implemented code that unregisters globals in PHP |
102 | register_globals=on setups. If some plugin loads main SquirrelMail functions |
103 | and depends on PHP register_globals, it will be broken. |
53bbd9b3 |
104 | |
f7cd8eb4 |
105 | IMAP sorting/threading |
106 | |
107 | Backward incompatible changes |
108 | ============================= |
109 | Index order options are modified in 1.5.1 version. If older options are |
110 | detected, interface upgrades to newer option format and deletes old options. |
3eb34ffd |
111 | |
f7cd8eb4 |
112 | In 1.5.1 version SquirrelSpell user dictionaries are saved with generic |
113 | SquirrelMail data functions. Code should copy older dictionary, if dictionary |
114 | version information is not present in user preferences. Once dictionary is |
115 | copied, <username>.words files are obsolete and no longer updated. |
a23d0264 |
116 | |
f7cd8eb4 |
117 | If same data directory is used with other backwards incompatible version, older |
118 | SquirrelMail version can lose some user preferences or work with outdated data. |
368ab966 |
119 | |
120 | Data directory |
121 | ============== |
122 | |
f7cd8eb4 |
123 | The directory data/ used to be included in our tarball. Since placing this dir |
124 | under a web accessible directory is not very wise, we've decided to not pack it |
125 | anymore; you need to create it yourself. Please choose a location that's safe, |
126 | e.g. somewhere under /var. |
368ab966 |
127 | |
128 | |
f7cd8eb4 |
129 | Reporting my favorite SquirrelMail bug |
130 | ====================================== |
a23d0264 |
131 | |
f7cd8eb4 |
132 | We constantly aim to make SquirrelMail even better. So we need you to submit |
133 | any bug you come across! Also, please mention that the bug is in this 1.5.1 |
134 | release, and list your IMAP server and webserver details. |
a67a0f59 |
135 | |
136 | http://www.squirrelmail.org/bugs |
137 | |
f7cd8eb4 |
138 | Thanks for your cooperation with this. That helps us to make sure nothing slips |
139 | through the cracks. Also, it would help if people would check existing tracker |
140 | items for a bug before reporting it again. This would help to eliminate |
141 | duplicate reports, and increase the time we can spend CODING by DECREASING the |
142 | time we spend sorting through bug reports. And remember, check not only OPEN |
143 | bug reports, but also closed ones as a bug that you report MAY have been fixed |
144 | in CVS already. |
a67a0f59 |
145 | |
f7cd8eb4 |
146 | If you want to join us in coding SquirrelMail, or have other things to share |
147 | with the developers, join the development mailing list: |
a67a0f59 |
148 | |
a23d0264 |
149 | squirrelmail-devel@lists.sourceforge.net |
815d9ba0 |
150 | |
0ca033d5 |
151 | |
ef1932a4 |
152 | About Our Release Alias |
153 | ======================= |
154 | |
f7cd8eb4 |
155 | This release is labeled the "Fire in the Hole" release. "Fire in the hole" is |
156 | a phrase used to warn of the detonation of an explosive device. The phrase may |
157 | have been originated by miners, who made extensive use of explosives while |
158 | working underground. |
159 | |
160 | Release is created in order to get fixed package after two years of development |
161 | in HEAD branch. Package contains many experimental changes. Changes add new |
162 | features, that can be unstable and cause inconsistent UI. If you want to use |
163 | stable code, you should stick to SquirrelMail 1.4.x series. If you find issues |
164 | in this package, make sure that they are still present in latest development |
165 | code snapshots. |
ef1932a4 |
166 | |
815d9ba0 |
167 | Happy SquirrelMailing! |
168 | - The SquirrelMail Project Team |