Everyone deserves version info
[squirrelmail.git] / ReleaseNotes
CommitLineData
815d9ba0 1/*****************************************************************
b9385398 2 * Release Notes: SquirrelMail 1.5.2 *
3 * The "" Release *
4 * 2006-xx-xx *
f7cd8eb4 5*****************************************************************/
6
b9385398 7WARNING. If you can read this, then you are reading file from cvs and not
f7cd8eb4 8final release notes.
9
10
a67a0f59 11In this edition of SquirrelMail Release Notes:
b3eff6ca 12 * All About This Release!
13 * Major Updates
14 * Security Updates
15 * Plugin Updates
16 * Possible Issues
17 * Backwards Incompatible Changes
18 * Data Directory Changes
19 * Reporting Your Favorite SquirrelMail Bug
20
815d9ba0 21
b3eff6ca 22All About This Release!
23=======================
5a614456 24This is the second release of our new 1.5.x-series, which is a
25DEVELOPMENT release.
f11c804f 26
b3eff6ca 27See the Major Updates section of this file for more information.
a23d0264 28
ef1932a4 29
b3eff6ca 30Major Updates
3eb34ffd 31==============
b3eff6ca 32Rewritten IMAP functions and optimized IMAP data caching code. Internal
33sorting functions should be faster than code used in SquirrelMail <= 1.5.0.
34Together with the optimized caching code, all the logic concerning sorting has
35been rewritten so that Squirrelmail can display more columns with sort support
36in the messages list. I.e. the From and To column in the same view sorted on
37size. Also, the number of IMAP calls is reduced by smarter caching in the IMAP
38mailbox area and by the optimized header and sort cache code. Reducing the
39amount of IMAP calls will lower the load on your IMAP server and increase
5a614456 40SquirrelMail performance.
41
b3eff6ca 42In-house gettext implementation replaced with PHP Gettext classes. Update adds
f7cd8eb4 43ngettext and dgettext support.
44
b3eff6ca 45Begin work on separating the SquirrelMail internal logic from user interface
46related logic. This has resulted in the first (very) rough CSS-based PHP
47templates. In future releases we will finish the mentioned separation and work
48on simpler templates.
5a614456 49
b3eff6ca 50Added JavaScript-based message row highlighting code (disabled by default) for
5a614456 51faster selection of messages in the messages list.
52
b3eff6ca 53Usage of a centralized error handler. Development will continue in 1.5.2.
f7cd8eb4 54
b3eff6ca 55SquirrelMail has started using internal cookie functions in order to have more
56control over cookie format. Cookies set with sqsetcookie() function now use an
57extra parameter (HttpOnly) to secure cookie information by making the cookie
58not accessible to scripts (particularly, JavaScript). This feature is only
59supported in browsers that follow the MSDN cookie specifications (see
60http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp).
61Currently this is limited to IE6 >= SP1.
53bbd9b3 62
b3eff6ca 63SquirrelMail IMAP and SMTP libraries now support use of STARTTLS extension.
5a614456 64The code is experimental and requires PHP 5.1.0 or newer with
b3eff6ca 65stream_socket_enable_crypto() function support enabled.
f7cd8eb4 66
5b0931c5 67Updated wrapping functions in compose. New wrapping code improves quoting
68of text chapters. Thanks to Justus Pendleton.
f7cd8eb4 69
b3eff6ca 70Added code for advanced searching in messages. Now it's possible to switch
5a614456 71between normal search and advanced search.
72
5b0931c5 73Main SquirrelMail code implements view_as_html and folder_settings plugin
74features. These plugins should not be used in SquirrelMail 1.5.1.
75
f7cd8eb4 76
b3eff6ca 77Security Updates
f7cd8eb4 78================
5a614456 79This release contains security fixes applied to development branch after 1.5.0
53bbd9b3 80release:
81 CVE-2004-0521 - SQL injection vulnerability in address book.
82 CVE-2004-1036 - XSS exploit in decodeHeader function.
83 CVE-2005-0075 - Potential file inclusion in preference backend selection code.
84 CVE-2005-0103 - Possible file/offsite inclusion in src/webmail.php.
85 CVE-2005-0104 - Possible XSS issues in src/webmail.php.
86 CVE-2005-1769 - Several cross site scripting (XSS) attacks.
87 CVE-2005-2095 - Extraction of all POST variables in advanced identity code.
dfce8fce 88 CVE-2006-0188 - Possible XSS through right_frame parameter in webmail.php.
89 CVE-2006-0195 - Possible XSS in MagicHTML, IE only.
90 CVE-2006-0377 - IMAP injection in sqimap_mailbox_select mailbox parameter.
53bbd9b3 91
92If you use SquirrelMail 1.5.0, you should upgrade to 1.5.1 or downgrade to latest
93stable SquirrelMail version.
f7cd8eb4 94
b3eff6ca 95
96Plugin Updates
f7cd8eb4 97==============
b3eff6ca 98Added site configuration options for filters, fortune, translate, newmail,
5a614456 99bug_report plugins. Improved newmail and change_password plugins. Fixed data
53bbd9b3 100corruption issues in calendar plugin.
f7cd8eb4 101
53bbd9b3 102SquirrelSpell plugin was updated to use generic SquirrelMail preference functions.
5a614456 103User preferences and personal dictionaries that were stored in .words files are
53bbd9b3 104moved to .pref files or other configured user data storage backend.
f7cd8eb4 105
106
b3eff6ca 107Possible Issues
f7cd8eb4 108===============
5a614456 109Internal SquirrelMail cookie implementation is experimental. If you have cookie
b3eff6ca 110expiration or corruption issues and can reproduce them only in 1.5.1 version,
111contact one of the SquirrelMail developers and to help them debug the issue.
53bbd9b3 112
683963df 113SquirrelMail 1.5.1 changed some functions and hooks. login_form hook requires
b3eff6ca 114different coding style. html_top, html_bottom, internal_link hooks have been
115removed. src/move_messages.php code has been moved to the main mailbox listing
116script. Some hooks may be broken after implementation of templates, especially
117in mailbox listing pages. soupNazi() function has been replaced with the
118checkForJavascript() function. sqimap_messages_delete(),
119sqimap_messages_copy(), sqimap_messages_flag() and sqimap_get_small_header()
120functions are now obsolete. Some IMAP functions return data in different
121format. If plugins depend on changed or removed functions, they will break in
122this version of SquirrelMail.
683963df 123
5b0931c5 124This SquirrelMail version added http headers that prevent caching of pages by
125proxies. Headers are added in SquirrelMail displayHtmlHeader() function. Changes
126require that html output is not started before displayHtmlHeader() is called. If
127some code starts output, PHP errors will be displayed. If plugins display
128notices in options_save hook and don't stop script execution on error, page
129display will be broken.
130
131SquirrelMail 1.5.1 implemented code that unregisters globals in PHP
b3eff6ca 132register_globals=on setups. Plugins that load main SquirrelMail functions and
133depend on PHP register_globals=on will be broken.
53bbd9b3 134
f7cd8eb4 135IMAP sorting/threading
b3eff6ca 136By default, SquirrelMail will make use of the capabilities provided by the IMAP
5a614456 137server. This means that if the IMAP server supports SORT and THREAD sorting then
138SquirrelMail makes use of it. Some broken IMAP servers advertise the SORT and
139THREAD capabilities although they do not support it. For those IMAP servers
140there is a config option to disable the use of SORT and THREAD sort.
f7cd8eb4 141
b3eff6ca 142Backward Incompatible Changes
f7cd8eb4 143=============================
5a614456 144Index order options are modified in 1.5.1 version. If older options are
f7cd8eb4 145detected, interface upgrades to newer option format and deletes old options.
3eb34ffd 146
b3eff6ca 147In version 1.5.1, SquirrelSpell user dictionaries are saved with generic
148SquirrelMail data functions. SquirrelSpell should copy older dictionaries
149if dictionary version information is not present in user preferences. Once
150the dictionary is copied, <username>.words files are obsolete and no longer
151updated.
a23d0264 152
b3eff6ca 153If the same data directory is used with other backwards incompatible versions,
154the older SquirrelMail version may lose some user preferences or work with
155outdated data. Admins are advised to use a separate data directory for the
1561.5.1 release. The data directory can be configured by running configure.
5a614456 157
b3eff6ca 158Data Directory
368ab966 159==============
b3eff6ca 160The directory data/ is no longer included in our tarball. Since placing this
161directory under a web-accessible directory is not very wise, we've decided to
162not pack it anymore. Admins will need to create it. Please choose a location
163that's safe (not web accessible), e.g. /var/squirrelmail/data.
164
165Reporting Your Favorite SquirrelMail Bug
166========================================
167We constantly aim to make SquirrelMail even better, so we need you to submit
168any bugs you come across! Also, please mention that the bug is in this release
169(version 1.5.1), and list your IMAP server and web server details. Bugs can be
170submitted at:
a67a0f59 171
a3bb5005 172 http://squirrelmail.org/bugs
a67a0f59 173
b3eff6ca 174Thanks for your cooperation with this. This helps ensure that nothing slips
175through the cracks. Also, please search the bug database for existing items
176before submitting a new bug. This will help to eliminate duplicate reports and
177increase the time we can spend FIXING existing bugs by DECREASING the time we
178spend sorting through bug reports. Remember to check for CLOSED bug reports
179also, not just OPEN bug reports, in case a bug you want to report may have been
8fea605c 180recently fixed in our source code repository.
a67a0f59 181
5a614456 182If you want to join us in coding SquirrelMail, or have other things to share
f7cd8eb4 183with the developers, join the development mailing list:
a67a0f59 184
a23d0264 185 squirrelmail-devel@lists.sourceforge.net
815d9ba0 186
0ca033d5 187
ef1932a4 188About Our Release Alias
189=======================
b3eff6ca 190This release is labeled the "Fire in the Hole" release. "Fire in the Hole" is
5a614456 191a phrase used to warn of the detonation of an explosive device. The phrase may
192have been originated by miners, who made extensive use of explosives while
f7cd8eb4 193working underground.
194
b3eff6ca 195This release has been created to get a fixed package after more than two years
196of development in the CVS HEAD branch. This package contains many experimental
197changes. These changes add new features that can/will be unstable and/or
198create an inconsistent UI. If you want to use stable code, you should stick to
199the 1.4.x series of SquirrelMail. If you find issues in this package, make
200sure that they are still present in the latest development code snapshots. To
201obtain thelatest development snapshot, see
202
a3bb5005 203 http://squirrelmail.org/download.php#snapshot
ef1932a4 204
815d9ba0 205 Happy SquirrelMailing!
206 - The SquirrelMail Project Team