- * All about this Release!!!
- * Reporting my favorite SquirrelMail 1.2.0 bug
- * Important Note about PHP 4.1.0
- * Where are we going from here?
- * About our release Aliases
-
-All about this Release!!!
-=========================
-
-Being one of the most popular webmail clients, the developers of
-SquirrelMail feel a huge desire and responsibility to continue push
-the envelope and make SquirrelMail the best it can possibly be. You
-will not be disappointed with this release, as it is by far the most
-feature rich, and yet it is still the same sleek and unbloated and
-cuddly webmail application that we have all grown to love. Here is
-an incomplete list of new features and enhancements since the last
-stable release.
-
- * Collapsible Folders - The folder list can be collapsed at any
- parent folder. This makes folder lists with large
- hierarchical structures much easier to manage and navigate.
- * The Paginator! - This enables quick access to any page in the
- message list by simply choosing the page number to view
- rather than tediously clicking "next" 50 times.
- * Hundreds of UI tweaks - The user interface has been given a
- face-lift. The HTML has been largely overhauled, and while
- it still has the same general feel, it has been made more
- intuitive.
- * Drafts - It is now possible to compose a message and save it to
- be sent at a later date with the drafts option.
- * New Options Page - The options page has been completely
- rewritten for several reasons, the main of which was to
- allow seamless integration of plugin options and to
- provide uniformity throughout the entire section.
- * Multiple Identities - It is now possible to create different
- identities (home, work, school) that can be chosen upon
- sending. Each identity can have its own email address,
- full name, and signature.
- * Reply Citations - Different types of citations are now possible
- when replying to messages.
- * Better Attachment Handling - The plugin, attachment_common, has
- been fully integrated into the core of SquirrelMail. This
- allows inline viewing of several different types of
- attachments.
- * Integration of Several Plugins - The following plugins have been
- put directly into the core. As a result, be sure not to
- install these as plugins, as the result may be (at best)
- unpredictable: attachment_common, paginator, priority,
- printer_friendly, sqclock, xmailer.
- * Improved support for newer versions of PHP. Note that you may
- have trouble if you are running PHP version 4.0.100
- (commonly distributed with Debian 3.0).
- * Ability to mark messages as read and unread from the message listing.
- * Alternating Colors - The message list now alternates row colors
- by default. This presents a much cleaner and easier to
- read interface to the user.
-
-Aside from these obvious front end features, there are hundreds of
-bugs that have been fixed, and much of the code has been optimized
-and/or rewritten. This stable release is far superior in all
-aspects to all previous versions of SquirrelMail.
-
- Home Page: http://www.squirrelmail.org/
- Download: http://www.squirrelmail.org/download.php
- ScreenShots: http://www.squirrelmail.org/screenshots.php
-
-
-Reporting my favorite SquirrelMail 1.2.0 bug
-============================================
-
-Of course, in the words of Linus Torvalds, this release is officially
-certified to be Bug-Free (tm).
-
-However, if for some reason some bugs manage to find their way to the
-surface, please report them at once (after all, they ARE uncertified
-bugs!!!) The PROPER place to report these bugs is the SquirrelMail Bug
-Tracker.
-
- http://www.squirrelmail.org/bugs
-
-Thank you for your cooperation in that issue. That helps us to make
-sure that nothing slips through the cracks. Also, it would help if
-people would check existing tracker items for a bug before reporting
-it again. This would help to eliminate duplicate reports, and
-increase the time we can spend CODING by DECREASING the time we
-spend sorting through bug reports. And remember, check not only OPEN
-bug reports, but also closed ones as a bug that you report MAY have
-been fixed in CVS already.
-
-
-Important Note about PHP 4.1.0
-==============================
-
-First of all, let me say that you all HAVE been warned: the
-SquirrelMail Project Team is not supporting PHP 4.1.0 for the 1.2.0
-release. Basically, SquirrelMail was in the final death throws of
-this development series when the witty PHP folks decided to make the
-release of 4.1.0. Of course, we greatly appreciate their hard work! :)
-
-However, we were too close to the end of this whole thing to be able
-to spend the week or two EXTRA that it will take to get SquirrelMail
-1.2.0 PHP 4.1.0 ready. This will, on the bright side, be a major
-priority amongst the team in the immediate future. At first look, it
-seems that 4.1.0 support should just require a collection of
-relatively minor tweaks. You can expect 4.1.0 support within 2-3
-weeks, as a part of a later 1.2.X release.
-
-
-Where are we going from here?
+ * All About This Release!
+ * Major Updates
+ * Security Updates
+ * Plugin Updates
+ * Possible Issues
+ * Backwards Incompatible Changes
+ * Data Directory Changes
+ * Reporting Your Favorite SquirrelMail Bug
+
+
+All About This Release!
+=======================
+This is the second release of our new 1.5.x-series, which is a
+DEVELOPMENT release.
+
+See the Major Updates section of this file for more information.
+
+
+Major Updates
+==============
+Rewritten IMAP functions and optimized IMAP data caching code. Internal
+sorting functions should be faster than code used in SquirrelMail <= 1.5.0.
+Together with the optimized caching code, all the logic concerning sorting has
+been rewritten so that Squirrelmail can display more columns with sort support
+in the messages list. I.e. the From and To column in the same view sorted on
+size. Also, the number of IMAP calls is reduced by smarter caching in the IMAP
+mailbox area and by the optimized header and sort cache code. Reducing the
+amount of IMAP calls will lower the load on your IMAP server and increase
+SquirrelMail performance.
+
+In-house gettext implementation replaced with PHP Gettext classes. Update adds
+ngettext and dgettext support.
+
+Begin work on separating the SquirrelMail internal logic from user interface
+related logic. This has resulted in the first (very) rough CSS-based PHP
+templates. In future releases we will finish the mentioned separation and work
+on simpler templates.
+
+Added JavaScript-based message row highlighting code (disabled by default) for
+faster selection of messages in the messages list.
+
+Usage of a centralized error handler. Development will continue in 1.5.2.
+
+SquirrelMail has started using internal cookie functions in order to have more
+control over cookie format. Cookies set with sqsetcookie() function now use an
+extra parameter (HttpOnly) to secure cookie information by making the cookie
+not accessible to scripts (particularly, JavaScript). This feature is only
+supported in browsers that follow the MSDN cookie specifications (see
+http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp).
+Currently this is limited to IE6 >= SP1.
+
+SquirrelMail IMAP and SMTP libraries now support use of STARTTLS extension.
+The code is experimental and requires PHP 5.1.0 or newer with
+stream_socket_enable_crypto() function support enabled.
+
+Updated wrapping functions in compose. New wrapping code improves quoting
+of text chapters. Thanks to Justus Pendleton.
+
+Added code for advanced searching in messages. Now it's possible to switch
+between normal search and advanced search.
+
+Main SquirrelMail code implements view_as_html and folder_settings plugin
+features. These plugins should not be used in SquirrelMail 1.5.1.
+
+
+Security Updates
+================
+This release contains security fixes applied to development branch after 1.5.0
+release:
+ CVE-2004-0521 - SQL injection vulnerability in address book.
+ CVE-2004-1036 - XSS exploit in decodeHeader function.
+ CVE-2005-0075 - Potential file inclusion in preference backend selection code.
+ CVE-2005-0103 - Possible file/offsite inclusion in src/webmail.php.
+ CVE-2005-0104 - Possible XSS issues in src/webmail.php.
+ CVE-2005-1769 - Several cross site scripting (XSS) attacks.
+ CVE-2005-2095 - Extraction of all POST variables in advanced identity code.
+ CVE-2006-0188 - Possible XSS through right_frame parameter in webmail.php.
+ CVE-2006-0195 - Possible XSS in MagicHTML, IE only.
+ CVE-2006-0377 - IMAP injection in sqimap_mailbox_select mailbox parameter.
+
+If you use SquirrelMail 1.5.0, you should upgrade to 1.5.1 or downgrade to latest
+stable SquirrelMail version.
+
+
+Plugin Updates
+==============
+Added site configuration options for filters, fortune, translate, newmail,
+bug_report plugins. Improved newmail and change_password plugins. Fixed data
+corruption issues in calendar plugin.
+
+SquirrelSpell plugin was updated to use generic SquirrelMail preference functions.
+User preferences and personal dictionaries that were stored in .words files are
+moved to .pref files or other configured user data storage backend.
+
+
+Possible Issues
+===============
+Internal SquirrelMail cookie implementation is experimental. If you have cookie
+expiration or corruption issues and can reproduce them only in 1.5.1 version,
+contact one of the SquirrelMail developers and to help them debug the issue.
+
+SquirrelMail 1.5.1 changed some functions and hooks. login_form hook requires
+different coding style. html_top, html_bottom, internal_link hooks have been
+removed. src/move_messages.php code has been moved to the main mailbox listing
+script. Some hooks may be broken after implementation of templates, especially
+in mailbox listing pages. soupNazi() function has been replaced with the
+checkForJavascript() function. sqimap_messages_delete(),
+sqimap_messages_copy(), sqimap_messages_flag() and sqimap_get_small_header()
+functions are now obsolete. Some IMAP functions return data in different
+format. If plugins depend on changed or removed functions, they will break in
+this version of SquirrelMail.
+
+This SquirrelMail version added http headers that prevent caching of pages by
+proxies. Headers are added in SquirrelMail displayHtmlHeader() function. Changes
+require that html output is not started before displayHtmlHeader() is called. If
+some code starts output, PHP errors will be displayed. If plugins display
+notices in options_save hook and don't stop script execution on error, page
+display will be broken.
+
+SquirrelMail 1.5.1 implemented code that unregisters globals in PHP
+register_globals=on setups. Plugins that load main SquirrelMail functions and
+depend on PHP register_globals=on will be broken.
+
+IMAP sorting/threading
+By default, SquirrelMail will make use of the capabilities provided by the IMAP
+server. This means that if the IMAP server supports SORT and THREAD sorting then
+SquirrelMail makes use of it. Some broken IMAP servers advertise the SORT and
+THREAD capabilities although they do not support it. For those IMAP servers
+there is a config option to disable the use of SORT and THREAD sort.
+
+Backward Incompatible Changes