[squirrelmail.git] / ReleaseNotes

/*****************************************************************
 * Release Notes: SquirrelMail 1.5.1                             *
 * The "Fire in the Hole" Release                                *
 * 2006-02-19                                                    *
*****************************************************************/

WARNING. If you can read this, then you are reading file from 1.5.1cvs and not 
final release notes.


In this edition of SquirrelMail Release Notes:
   * All about this Release!
   * Major updates
   * Security updates
   * Plugin updates
   * Possible issues
   * Backwards incompatible changes
   * Data directory changes
   * Reporting my favorite SquirrelMail bug

All about this Release!
=======================

This is the second release of our new 1.5.x-series, which is a 
DEVELOPMENT release. 

See the Major Updates section of this file for more.


Major updates
==============
Rewritten IMAP functions and added extra data caching code. Internal sorting 
functions should be faster than code used in SquirrelMail 1.5.0 and older 
versions. Data caching should reduce number of IMAP calls in folder management 
and mailbox status functions. 

Own gettext implementation replaced with PHP Gettext classes. Update adds 
ngettext and dgettext support.

Templates, css and error handler. 

Own cookie functions

Updated wrapping functions in compose.


Security updates
================

This release contains security fixes applied to development branch after 1.5.0 
release.
CVE-2004-0521 - SQL injection vulnerability in address book.
CVE-2004-1036 - XSS exploit in decodeHeader function.
CVE-2005-0075 - Potential file inclusion in preference backend selection code.
CVE-2005-0103 - Possible file/offsite inclusion in src/webmail.php.
CVE-2005-0104 - Possible XSS issues in src/webmail.php.
CVE-2005-1769 - Several cross site scripting (XSS) attacks.
CVE-2005-2095 - Extraction of all POST variables in advanced identity code.


Plugin updates
==============
Added site configuration options to filters, fortune, translate, newmail, 
bug_report plugins. Improved newmail and change_password plugins.

SquirrelSpell data storage


Possible issues
===============
Cookies
Plugins (changes in hooks and IMAP API)
IMAP sorting/threading

Backward incompatible changes
=============================
Index order options are modified in 1.5.1 version. If older options are 
detected, interface upgrades to newer option format and deletes old options.

In 1.5.1 version SquirrelSpell user dictionaries are saved with generic 
SquirrelMail data functions. Code should copy older dictionary, if dictionary 
version information is not present in user preferences. Once dictionary is 
copied, <username>.words files are obsolete and no longer updated.

If same data directory is used with other backwards incompatible version, older
SquirrelMail version can lose some user preferences or work with outdated data.

Data directory
==============

The directory data/ used to be included in our tarball. Since placing this dir 
under a web accessible directory is not very wise, we've decided to not pack it
anymore; you need to create it yourself. Please choose a location that's safe, 
e.g. somewhere under /var.


Reporting my favorite SquirrelMail bug
======================================

We constantly aim to make SquirrelMail even better. So we need you to submit 
any bug you come across! Also, please mention that the bug is in this 1.5.1 
release, and list your IMAP server and webserver details.

   http://www.squirrelmail.org/bugs

Thanks for your cooperation with this. That helps us to make sure nothing slips
through the cracks. Also, it would help if people would check existing tracker 
items for a bug before reporting it again. This would help to eliminate 
duplicate reports, and increase the time we can spend CODING by DECREASING the 
time we spend sorting through bug reports. And remember, check not only OPEN 
bug reports, but also closed ones as a bug that you report MAY have been fixed 
in CVS already.

If you want to join us in coding SquirrelMail, or have other things to share 
with the developers, join the development mailing list:

   squirrelmail-devel@lists.sourceforge.net


About Our Release Alias
=======================

This release is labeled the "Fire in the Hole" release. "Fire in the hole" is 
a phrase used to warn of the detonation of an explosive device. The phrase may 
have been originated by miners, who made extensive use of explosives while 
working underground.

Release is created in order to get fixed package after two years of development
in HEAD branch. Package contains many experimental changes. Changes add new 
features, that can be unstable and cause inconsistent UI. If you want to use 
stable code, you should stick to SquirrelMail 1.4.x series. If you find issues 
in this package, make sure that they are still present in latest development 
code snapshots. 

                  Happy SquirrelMailing!
                    - The SquirrelMail Project Team
Commit	Line	Data
815d9ba0	1	/*****************************************************************
f7cd8eb4	2	* Release Notes: SquirrelMail 1.5.1 *
	3	* The "Fire in the Hole" Release *
	4	* 2006-02-19 *
	5	*****************************************************************/
	6
	7	WARNING. If you can read this, then you are reading file from 1.5.1cvs and not
	8	final release notes.
	9
	10
815d9ba0	11
a67a0f59	12	In this edition of SquirrelMail Release Notes:
ef1932a4	13	* All about this Release!
3eb34ffd	14	* Major updates
f7cd8eb4	15	* Security updates
	16	* Plugin updates
	17	* Possible issues
	18	* Backwards incompatible changes
	19	* Data directory changes
	20	* Reporting my favorite SquirrelMail bug
a67a0f59	21
ef1932a4	22	All about this Release!
ef1932a4	23	=======================
815d9ba0	24
f7cd8eb4	25	This is the second release of our new 1.5.x-series, which is a
bb91e60d	26	DEVELOPMENT release.
f11c804f	27
bb91e60d	28	See the Major Updates section of this file for more.
a23d0264	29
ef1932a4	30
3eb34ffd	31	Major updates
3eb34ffd	32	==============
f7cd8eb4	33	Rewritten IMAP functions and added extra data caching code. Internal sorting
	34	functions should be faster than code used in SquirrelMail 1.5.0 and older
	35	versions. Data caching should reduce number of IMAP calls in folder management
	36	and mailbox status functions.
	37
	38	Own gettext implementation replaced with PHP Gettext classes. Update adds
	39	ngettext and dgettext support.
	40
	41	Templates, css and error handler.
	42
	43	Own cookie functions
	44
	45	Updated wrapping functions in compose.
	46
	47
	48	Security updates
	49	================
	50
	51	This release contains security fixes applied to development branch after 1.5.0
	52	release.
	53	CVE-2004-0521 - SQL injection vulnerability in address book.
	54	CVE-2004-1036 - XSS exploit in decodeHeader function.
	55	CVE-2005-0075 - Potential file inclusion in preference backend selection code.
	56	CVE-2005-0103 - Possible file/offsite inclusion in src/webmail.php.
	57	CVE-2005-0104 - Possible XSS issues in src/webmail.php.
	58	CVE-2005-1769 - Several cross site scripting (XSS) attacks.
	59	CVE-2005-2095 - Extraction of all POST variables in advanced identity code.
	60
	61
	62	Plugin updates
	63	==============
	64	Added site configuration options to filters, fortune, translate, newmail,
	65	bug_report plugins. Improved newmail and change_password plugins.
	66
	67	SquirrelSpell data storage
	68
	69
	70	Possible issues
	71	===============
	72	Cookies
	73	Plugins (changes in hooks and IMAP API)
	74	IMAP sorting/threading
	75
	76	Backward incompatible changes
	77	=============================
	78	Index order options are modified in 1.5.1 version. If older options are
	79	detected, interface upgrades to newer option format and deletes old options.
3eb34ffd	80
f7cd8eb4	81	In 1.5.1 version SquirrelSpell user dictionaries are saved with generic
	82	SquirrelMail data functions. Code should copy older dictionary, if dictionary
	83	version information is not present in user preferences. Once dictionary is
	84	copied, <username>.words files are obsolete and no longer updated.
a23d0264	85
f7cd8eb4	86	If same data directory is used with other backwards incompatible version, older
f7cd8eb4	87	SquirrelMail version can lose some user preferences or work with outdated data.
368ab966	88
	89	Data directory
	90	==============
	91
f7cd8eb4	92	The directory data/ used to be included in our tarball. Since placing this dir
	93	under a web accessible directory is not very wise, we've decided to not pack it
	94	anymore; you need to create it yourself. Please choose a location that's safe,
	95	e.g. somewhere under /var.
368ab966	96
368ab966	97
f7cd8eb4	98	Reporting my favorite SquirrelMail bug
f7cd8eb4	99	======================================
a23d0264	100
f7cd8eb4	101	We constantly aim to make SquirrelMail even better. So we need you to submit
	102	any bug you come across! Also, please mention that the bug is in this 1.5.1
	103	release, and list your IMAP server and webserver details.
a67a0f59	104
	105	http://www.squirrelmail.org/bugs
	106
f7cd8eb4	107	Thanks for your cooperation with this. That helps us to make sure nothing slips
	108	through the cracks. Also, it would help if people would check existing tracker
	109	items for a bug before reporting it again. This would help to eliminate
	110	duplicate reports, and increase the time we can spend CODING by DECREASING the
	111	time we spend sorting through bug reports. And remember, check not only OPEN
	112	bug reports, but also closed ones as a bug that you report MAY have been fixed
	113	in CVS already.
a67a0f59	114
f7cd8eb4	115	If you want to join us in coding SquirrelMail, or have other things to share
f7cd8eb4	116	with the developers, join the development mailing list:
a67a0f59	117
a23d0264	118	squirrelmail-devel@lists.sourceforge.net
815d9ba0	119
0ca033d5	120
ef1932a4	121	About Our Release Alias
	122	=======================
	123
f7cd8eb4	124	This release is labeled the "Fire in the Hole" release. "Fire in the hole" is
	125	a phrase used to warn of the detonation of an explosive device. The phrase may
	126	have been originated by miners, who made extensive use of explosives while
	127	working underground.
	128
	129	Release is created in order to get fixed package after two years of development
	130	in HEAD branch. Package contains many experimental changes. Changes add new
	131	features, that can be unstable and cause inconsistent UI. If you want to use
	132	stable code, you should stick to SquirrelMail 1.4.x series. If you find issues
	133	in this package, make sure that they are still present in latest development
	134	code snapshots.
ef1932a4	135
815d9ba0	136	Happy SquirrelMailing!
815d9ba0	137	- The SquirrelMail Project Team