/*****************************************************************
- * Release Notes: SquirrelMail 1.3.2 *
- * The "Nut cracker" Release *
- * 29 October 2002 *
- *****************************************************************/
+ * Release Notes: SquirrelMail 1.5.1 *
+ * The "Fire in the Hole" Release *
+ * 2006-02-19 *
+*****************************************************************/
+
+WARNING. If you can read this, then you are reading file from 1.5.1cvs and not
+final release notes.
+
+
In this edition of SquirrelMail Release Notes:
- * All about this Release!!!
+ * All about this Release!
* Major updates
- * A note on solved bugs
- * Reporting my favorite SquirrelMail 1.3 bug
- * About our Release Aliases
-
-All about this Release!!!
-=========================
-
-This is the third release on our way to a new stable series.
-On our way to, that is, this is a development release, which is not
-intended for production servers. We feel that releasing development
-versions will help us making the to-be stable release more stable, and
-restricting the ability to test no longer to people who use CVS.
-
-So download it! Install it, and try to break it! We are hungry for any
-bug report you send. If stumbling over a bug is a true non-option,
-this release is not for you. In that case, download the stable version
-and enjoy that one.
-
-In general, we are planning to regularly release a 1.3.x version until
-it is stable enough to call her 1.4 or 2.0. While I'm at it, one
-comment on version numbers. Our version numbers take the form of A.B.C
- A increases with time, but only very seldomly.
- B if it is even (0, 2, 4 etc), it is a stable release
- if it is odd (1, 3, 5 etc), it is a development release
- C indicates small changes.
-Which is to say our version numbering system is the same as that of
-the linux kernel. So 1.2.9 is a stable version, and 1.3.2 (this one)
-is a development release.
-
-We are excited to bring you the fruits of a very good development
-series. Major rewrites of the back-end and the user interface have
-been happening since the 1.2 series.
+ * Security updates
+ * Plugin updates
+ * Possible issues
+ * Backwards incompatible changes
+ * Data directory changes
+ * Reporting my favorite SquirrelMail bug
+
+All about this Release!
+=======================
+
+This is the second release of our new 1.5.x-series, which is a
+DEVELOPMENT release.
+
+See the Major Updates section of this file for more.
+
Major updates
==============
+Rewritten IMAP functions and added extra data caching code. Internal sorting
+functions should be faster than code used in SquirrelMail 1.5.0 and older
+versions. Data caching should reduce number of IMAP calls in folder management
+and mailbox status functions.
-To summarize the major updates in the 1.3.2 release:
-* The support of register globals = off
-* A complete rewrite of the way we send mail (Deliver-class)
-* Lot's of bugfixes.
-
+Own gettext implementation replaced with PHP Gettext classes. Update adds
+ngettext and dgettext support.
-A note on solved bugs
-=====================
+Templates, css and error handler.
-After the release of 1.3.0 and 1.3.1 we received lots of usefull bug-reports.
-At this moment we can say that most issues are solved.
-One of the biggest bug reporter was Cor Bosman from the dutch ISP XS4ALL.
-They scheduled the use of SquirrelMail 1.3.2 because of it's UID support.
-At this moment they are switched over to 1.3.2 CVS and it's running fine on
-the production servers. The imap-server load was dropped significantly and
-that's exactly what we tried to establish in the DEVEL branche.
+SquirrelMail started using internal cookie functions in order to have more
+controls over cookie format. Cookies set with sqsetcookie() function use
+extra parameter that secures cookie information in browsers that follow
+MSDN cookie specifications.
+SquirrelMail IMAP and SMTP libraries updated to allow use of STARTTLS extension.
+Code is experimental and requires PHP 5.1.0 or newer with
+stream_socket_enable_crypto() function support.
-A note on plugins
-=================
+Updated wrapping functions in compose.
-There have been very severe architecture improvements. Lots of plugins
-have not yet been adapted to this. Plugins which are distributed with
-this release (eg. in the same .tar.gz file) may work. Plugins not
-distributed with this plugin most probably WILL NOT WORK.
-So if you have ANY problem at all, first try turning off all plugins.
+Security updates
+================
-A note on your configuration
-============================
+This release contains security fixes applied to development branch after 1.5.0
+release:
+ CVE-2004-0521 - SQL injection vulnerability in address book.
+ CVE-2004-1036 - XSS exploit in decodeHeader function.
+ CVE-2005-0075 - Potential file inclusion in preference backend selection code.
+ CVE-2005-0103 - Possible file/offsite inclusion in src/webmail.php.
+ CVE-2005-0104 - Possible XSS issues in src/webmail.php.
+ CVE-2005-1769 - Several cross site scripting (XSS) attacks.
+ CVE-2005-2095 - Extraction of all POST variables in advanced identity code.
+ CVE-2006-0188 - Possible XSS through right_frame parameter in webmail.php.
+ CVE-2006-0195 - Possible XSS in MagicHTML, IE only.
+ CVE-2006-0377 - IMAP injection in sqimap_mailbox_select mailbox parameter.
-For a whole bunch of reasons, it is MANDATORY that you run conf.pl
-(and then save your configuration) from the config/ directory before
-using this release.
+If you use SquirrelMail 1.5.0, you should upgrade to 1.5.1 or downgrade to latest
+stable SquirrelMail version.
-If you have problems with UID support, please do these 2 things:
+Plugin updates
+==============
+Added site configuration options to filters, fortune, translate, newmail,
+bug_report plugins. Improved newmail and change_password plugins. Fixed data
+corruption issues in calendar plugin.
+
+SquirrelSpell plugin was updated to use generic SquirrelMail preference functions.
+User preferences and personal dictionaries that were stored in .words files are
+moved to .pref files or other configured user data storage backend.
+
+
+Possible issues
+===============
+Internal SquirrelMail cookie implementation is experimental. If you have cookie
+expiration or corruption issues with some browser and can reproduce them only in
+1.5.1 version, contact SquirrelMail developers and help them to debug your issue.
+
+SquirrelMail 1.5.1 changed some functions and hooks. login_form hook requires
+different coding style. html_top, html_bottom, internal_link hooks are removed.
+src/move_messages.php code moved to main mailbox listing script. Some hooks are
+broken after implementation of templates in mailbox listing pages. soupNazi()
+function is replaced with checkForJavascript() function. sqimap_messages_delete,
+sqimap_messages_copy, sqimap_messages_flag and sqimap_get_small_header()
+functions are obsoleted. Some IMAP functions return data in different format.
+If plugins depend on changed or removed functions, they will break in this
+SquirrelMail version.
+
+This SquirrelMail version implemented code that unregisters globals in PHP
+register_globals=on setups. If some plugin loads main SquirrelMail functions
+and depends on PHP register_globals, it will be broken.
+
+IMAP sorting/threading
+
+Backward incompatible changes
+=============================
+Index order options are modified in 1.5.1 version. If older options are
+detected, interface upgrades to newer option format and deletes old options.
+
+In 1.5.1 version SquirrelSpell user dictionaries are saved with generic
+SquirrelMail data functions. Code should copy older dictionary, if dictionary
+version information is not present in user preferences. Once dictionary is
+copied, <username>.words files are obsolete and no longer updated.
+
+If same data directory is used with other backwards incompatible version, older
+SquirrelMail version can lose some user preferences or work with outdated data.
+
+Data directory
+==============
-1) For our comfort and the prosper of SquirrelMail:
- send a bugreport with this information
- * IMAP server type + version
- * Whether you use server-side sorting
- * Whether you use thread sorting
- * The value of "sort" (as in conf.pl)
- bugs can be submitted at: http://www.squirrelmail.org/bugs
-2) For your own pleasure and comfort:
- turn of UID support in conf.pl, so you can continue to use 1.3.2
+The directory data/ used to be included in our tarball. Since placing this dir
+under a web accessible directory is not very wise, we've decided to not pack it
+anymore; you need to create it yourself. Please choose a location that's safe,
+e.g. somewhere under /var.
-Reporting my favorite SquirrelMail 1.3 bug
-==========================================
+Reporting my favorite SquirrelMail bug
+======================================
-It is not unlikely you will experience some bugs while using this
-development version. Please submit these bugs. Also, please mention
-that the bug is in this 1.3.2 release.
+We constantly aim to make SquirrelMail even better. So we need you to submit
+any bug you come across! Also, please mention that the bug is in this 1.5.1
+release, and list your IMAP server and webserver details.
http://www.squirrelmail.org/bugs
-Thank you for your cooperation in that issue. That helps us to make
-sure that nothing slips through the cracks. Also, it would help if
-people would check existing tracker items for a bug before reporting
-it again. This would help to eliminate duplicate reports, and
-increase the time we can spend CODING by DECREASING the time we
-spend sorting through bug reports. And remember, check not only OPEN
-bug reports, but also closed ones as a bug that you report MAY have
-been fixed in CVS already.
+Thanks for your cooperation with this. That helps us to make sure nothing slips
+through the cracks. Also, it would help if people would check existing tracker
+items for a bug before reporting it again. This would help to eliminate
+duplicate reports, and increase the time we can spend CODING by DECREASING the
+time we spend sorting through bug reports. And remember, check not only OPEN
+bug reports, but also closed ones as a bug that you report MAY have been fixed
+in CVS already.
-In case you want to join us on coding SquirrelMail, or have other
-things to share with the developers, join the development mailinglist:
+If you want to join us in coding SquirrelMail, or have other things to share
+with the developers, join the development mailing list:
squirrelmail-devel@lists.sourceforge.net
-About our Release Aliases
-=========================
-With the release of 1.3.2 we can say we realy cracked some nuts regarding
-hard to solve issues.
-Future devel versions will continue carrying "Nut" releasenames
-to keep the squirrel satisfied. Since winter is coming we better hurry up
-with new "Nut" releases. We don't want a death squirrel due to starvation.
-So next time you see a squirrel feed him nuts, think about SquirrelMail and
-a new friendship is born.
+About Our Release Alias
+=======================
+
+This release is labeled the "Fire in the Hole" release. "Fire in the hole" is
+a phrase used to warn of the detonation of an explosive device. The phrase may
+have been originated by miners, who made extensive use of explosives while
+working underground.
+Release is created in order to get fixed package after two years of development
+in HEAD branch. Package contains many experimental changes. Changes add new
+features, that can be unstable and cause inconsistent UI. If you want to use
+stable code, you should stick to SquirrelMail 1.4.x series. If you find issues
+in this package, make sure that they are still present in latest development
+code snapshots.
Happy SquirrelMailing!
- The SquirrelMail Project Team