X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=ReleaseNotes;h=b89a8295f1bccd5339513207dcc38ce63bc04253;hb=a15f9d9379cebc62fa39b6cb10d2195f95ed5081;hp=4332e9a5ae5616b6c7f4d0ee0b6bd45fa82a8afc;hpb=ebea10164b58c6cec7cc608b00899c36c3999d2d;p=squirrelmail.git diff --git a/ReleaseNotes b/ReleaseNotes index 4332e9a5..b89a8295 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -1,134 +1,137 @@ /***************************************************************** - * Release Notes: SquirrelMail 1.3.1 * - * The "Marc for President!" Release * - * 19 august 2002 * - *****************************************************************/ + * Release Notes: SquirrelMail 1.5.1 * + * The "Fire in the Hole" Release * + * 2006-02-19 * +*****************************************************************/ + +WARNING. If you can read this, then you are reading file from 1.5.1cvs and not +final release notes. + + In this edition of SquirrelMail Release Notes: - * All about this Release!!! - * Reporting my favorite SquirrelMail 1.3 bug - * Important Note about PHP 4.2.2 - * About our Release Aliases + * All about this Release! + * Major updates + * Security updates + * Plugin updates + * Possible issues + * Backwards incompatible changes + * Data directory changes + * Reporting my favorite SquirrelMail bug + +All about this Release! +======================= -All about this Release!!! -========================= +This is the second release of our new 1.5.x-series, which is a +DEVELOPMENT release. -This is the second release on our way to a new stable series. -On our way to, that is, this is a development release, which is not -intended for production servers. We feel that releasing development -versions will help us making the to-be stable release more stable, and -restricting the ability to test no longer to people who use CVS. +See the Major Updates section of this file for more. -So download it! Install it, and try to break it! We are hungry for any -bug report you send. If stumbling over a bug is a true non-option, -this release is not for you. In that case, download the stable version -and enjoy that one. -In general, we are planning to regularly release a 1.3.x version until -it is stable enough to call her 1.4 or 2.0. While I'm at it, one -comment on version numbers. Our version numbers take the form of A.B.C - A increases with time, but only very seldomly. - B if it is even (0, 2, 4 etc), it is a stable release - if it is odd (1, 3, 5 etc), it is a development release - C indicates small changes. -Which is to say our version numbering system is the same as that of -the linux kernel. So 1.2.7 is a stable version, and 1.3.1 (this one) -is a development release. +Major updates +============== +Rewritten IMAP functions and added extra data caching code. Internal sorting +functions should be faster than code used in SquirrelMail 1.5.0 and older +versions. Data caching should reduce number of IMAP calls in folder management +and mailbox status functions. + +Own gettext implementation replaced with PHP Gettext classes. Update adds +ngettext and dgettext support. -We are excited to bring you the fruits of a very good development -series. Major rewrites of the back-end and the user interface have -been happening since the 1.2 series. +Templates, css and error handler. +Own cookie functions -A note on plugins -================= +Updated wrapping functions in compose. -There have been very severe architecture improvements. Lots of plugins -have not yet been adapted to this. Plugins which are distributed with -this release (eg. in the same .tar.gz file) may work. Plugins not -distributed with this plugin most probably WILL NOT WORK. -So if you have ANY problem at all, first try turning off all plugins. +Security updates +================ +This release contains security fixes applied to development branch after 1.5.0 +release. +CVE-2004-0521 - SQL injection vulnerability in address book. +CVE-2004-1036 - XSS exploit in decodeHeader function. +CVE-2005-0075 - Potential file inclusion in preference backend selection code. +CVE-2005-0103 - Possible file/offsite inclusion in src/webmail.php. +CVE-2005-0104 - Possible XSS issues in src/webmail.php. +CVE-2005-1769 - Several cross site scripting (XSS) attacks. +CVE-2005-2095 - Extraction of all POST variables in advanced identity code. -A note on PHP 4.2.2 -=================== -There are certain issues with PHP 4.2.2 and session handling that have -not yet been addresses in this release. So this release MAY NOT WORK -when you use PHP 4.2.2. These issues will be addressed to in -forthcoming 1.3.x releases. +Plugin updates +============== +Added site configuration options to filters, fortune, translate, newmail, +bug_report plugins. Improved newmail and change_password plugins. +SquirrelSpell data storage -A note on your configuration -============================ -For a whole bunch of reasons, it is MANDATORY that you run conf.pl -(and then save your configuration) from the config/ directory before -using this release. +Possible issues +=============== +Cookies +Plugins (changes in hooks and IMAP API) +IMAP sorting/threading -If you have problems with UID support, please do these 2 things: +Backward incompatible changes +============================= +Index order options are modified in 1.5.1 version. If older options are +detected, interface upgrades to newer option format and deletes old options. -1) For our comfort and the prosper of SquirrelMail: - send a bugreport with this information - * IMAP server type + version - * Whether you use server-side sorting - * Whether you use thread sorting - * The value of "sort" (as in conf.pl) - bugs can be submitted at: http://www.squirrelmail.org/bugs -2) For your own pleasure and comfort: - turn of UID support in conf.pl, so you can continue to use 1.3.1 +In 1.5.1 version SquirrelSpell user dictionaries are saved with generic +SquirrelMail data functions. Code should copy older dictionary, if dictionary +version information is not present in user preferences. Once dictionary is +copied, .words files are obsolete and no longer updated. +If same data directory is used with other backwards incompatible version, older +SquirrelMail version can lose some user preferences or work with outdated data. -A note on MIME +Data directory ============== -In case you stumble over a message of which something goes wrong with -MIME (it does not display some of its parts all right, etc. etc.), -please forward the message AS AN ATTACHMENT to -squirrelmail-devel@lists.sourceforge.net. However, AVOID -forwarding emails over 20k of size. Please not as well that messages -which are NOT forwarded AS AN ATTACHMENT are COMPLETEY USELESS for our -testing purposes. +The directory data/ used to be included in our tarball. Since placing this dir +under a web accessible directory is not very wise, we've decided to not pack it +anymore; you need to create it yourself. Please choose a location that's safe, +e.g. somewhere under /var. -Reporting my favorite SquirrelMail 1.3 bug -========================================== +Reporting my favorite SquirrelMail bug +====================================== -It is not unlikely you will experience some bugs while using this -development version. Please submit these bugs. Also, please mention -that the bug is in this 1.3.1 release. +We constantly aim to make SquirrelMail even better. So we need you to submit +any bug you come across! Also, please mention that the bug is in this 1.5.1 +release, and list your IMAP server and webserver details. http://www.squirrelmail.org/bugs -Thank you for your cooperation in that issue. That helps us to make -sure that nothing slips through the cracks. Also, it would help if -people would check existing tracker items for a bug before reporting -it again. This would help to eliminate duplicate reports, and -increase the time we can spend CODING by DECREASING the time we -spend sorting through bug reports. And remember, check not only OPEN -bug reports, but also closed ones as a bug that you report MAY have -been fixed in CVS already. +Thanks for your cooperation with this. That helps us to make sure nothing slips +through the cracks. Also, it would help if people would check existing tracker +items for a bug before reporting it again. This would help to eliminate +duplicate reports, and increase the time we can spend CODING by DECREASING the +time we spend sorting through bug reports. And remember, check not only OPEN +bug reports, but also closed ones as a bug that you report MAY have been fixed +in CVS already. -In case you want to join us on coding SquirrelMail, or have other -things to share with the developers, join the development mailinglist: +If you want to join us in coding SquirrelMail, or have other things to share +with the developers, join the development mailing list: squirrelmail-devel@lists.sourceforge.net -About our Release Aliases - By Wouter Teepe -========================= - -In the last months we have had our development team enlarged by, -amongst others, Marc. Marc has been one of the greatest contributors -to the stable series. After the release of 1.3.0, just 2 days ago, he -managed to fix many many small bugs that were found. Almost when -others (including myself) just thought "Huh, another release?" Marc -was working hard to improve all kind of things. All fixes in this -release (and possibly new bugs ;-)) are due to his hard work. +About Our Release Alias +======================= -Keep up the good work, Marc! +This release is labeled the "Fire in the Hole" release. "Fire in the hole" is +a phrase used to warn of the detonation of an explosive device. The phrase may +have been originated by miners, who made extensive use of explosives while +working underground. +Release is created in order to get fixed package after two years of development +in HEAD branch. Package contains many experimental changes. Changes add new +features, that can be unstable and cause inconsistent UI. If you want to use +stable code, you should stick to SquirrelMail 1.4.x series. If you find issues +in this package, make sure that they are still present in latest development +code snapshots. Happy SquirrelMailing! - The SquirrelMail Project Team