*** SquirrelMail Devel Series 1.5 ***
*************************************
-Version 1.5.1 -- CVS
---------------------
+Version 1.5.2 CVS
+ -
+
+Version 1.5.1 (branched on 2006-02-12)
+--------------------------------------
- New reply citation to include date and author.
- Security: Fix some possible XSS bugs.
- Norwegian Bokmal translation uses nb_NO.
- Fixed character wrapping/encoding issues in Japanese translation (#1377622).
Issue is specific to sqBodyWrap() and string function wrappers introduced in
1.5.1.
- - MagicHTML fix for comments in styles.
+ - Security: MagicHTML fix for comments in styles which allowed
+ for cross site scripting when using Internet Explorer
+ [CVE-2006-0195].
- Added 'mail' and 'sn' attributes to address book LDAP backend search
expression (#1368154).
- Added mailbox caching code by Michael Long.
- Prevent output of whitespace during plugin activation. Fixes possible
attachment corruption by incorrectly coded plugins.
- Fixed data sanitizing in calendar plugin (#1291081)(#705796).
- - Prohibit imap injection attempts (reported by Vicente Aguilera)
- - Don't move messages in sqimap_msgs_list_move() functions, when target
+ - Security: Prohibit imap injection attempts (reported by Vicente Aguilera)
+ [CVE-2006-0377].
+ - Don't move messages in sqimap_msgs_list_move() function call, when target
mailbox is same as source mailbox. Adds fifth argument to
sqimap_msgs_list_move() function. Fixes possible issues on MacOS Cyrus
IMAP server (#1409453).
-
+ - Style sheets are moved to template.
+ - displayHtmlHeader() function call sends http headers in order to prevent
+ page caching.
+ - Added Template set selection.
+ - Merged patch from Steve Brown to transform current templates to css
+ based templates.
+ - Added footer template to every page.
+ - Added experimental IMAP and SMTP STARTTLS extension support.
+ - Security: Fix possible cross site scripting through the right_main
+ parameter of webmail.php. This now uses a whitelist of acceptable
+ values. [CVE-2006-0188]
+ - Disabled display of regexp compilation errors in local_file address
+ book backend.
+ - DOCTYPE tags are switched from quirks to standard compliance mode.
+ - Improved error reporting concerning THREAD, SORT and BADCHARSET.
+ - Added options to disable THREAD and SORT extension.
+ - Fixed mailbox cache issues caused by using prev/next links in
+ read_body.php.
+ - Added View as HTML support to the SquirrelMail core.
+ - Fixed bug #550557.
+ - Applied status cache patch created by Michael Long.
+ - Updated newmail plugin to make use of status cache (Michael Long)
+ - Added RECENT check to left_main.php to bold the unseen message string if
+ there are recent messages.
+ - Fixed search query in filters.php, now we respect the imap continuation
+ request (Michael Long).
+ - Fixed bug in digest message view where the from name disappeared after
+ opening a digest message.
+ - Fixed checkall link in case javascript was disabled.
+ - Rewrite of thread parsing code in order to improve performance.
+ - Adapted message squisher function to gain performance.
+ - Fixed bug #1093360, skip untagged NO responses in APPEND query.
Version 1.5.0 - 2 February 2004
-------------------------------