adding new options to plugin defines.
[squirrelmail.git] / ReleaseNotes
815d9ba0 1/*****************************************************************
f7cd8eb4 2 * Release Notes: SquirrelMail 1.5.1 *
3 * The "Fire in the Hole" Release *
4 * 2006-02-19 *
7WARNING. If you can read this, then you are reading file from 1.5.1cvs and not
8final release notes.
815d9ba0 11
a67a0f59 12In this edition of SquirrelMail Release Notes:
ef1932a4 13 * All about this Release!
3eb34ffd 14 * Major updates
f7cd8eb4 15 * Security updates
16 * Plugin updates
17 * Possible issues
18 * Backwards incompatible changes
19 * Data directory changes
20 * Reporting my favorite SquirrelMail bug
a67a0f59 21
ef1932a4 22All about this Release!
815d9ba0 24
f7cd8eb4 25This is the second release of our new 1.5.x-series, which is a
bb91e60d 26DEVELOPMENT release.
f11c804f 27
bb91e60d 28See the Major Updates section of this file for more.
a23d0264 29
ef1932a4 30
3eb34ffd 31Major updates
f7cd8eb4 33Rewritten IMAP functions and added extra data caching code. Internal sorting
34functions should be faster than code used in SquirrelMail 1.5.0 and older
35versions. Data caching should reduce number of IMAP calls in folder management
36and mailbox status functions.
38Own gettext implementation replaced with PHP Gettext classes. Update adds
39ngettext and dgettext support.
41Templates, css and error handler.
53bbd9b3 43SquirrelMail started using internal cookie functions in order to have more
44controls over cookie format. Cookies set with sqsetcookie() function use
45extra parameter that secures cookie information in browsers that follow
46MSDN cookie specifications.
48SquirrelMail IMAP and SMTP libraries updated to allow use of STARTTLS extension.
49Code is experimental and requires PHP 5.1.0 or newer with
50stream_socket_enable_crypto() function support.
f7cd8eb4 51
52Updated wrapping functions in compose.
55Security updates
58This release contains security fixes applied to development branch after 1.5.0
53bbd9b3 59release:
60 CVE-2004-0521 - SQL injection vulnerability in address book.
61 CVE-2004-1036 - XSS exploit in decodeHeader function.
62 CVE-2005-0075 - Potential file inclusion in preference backend selection code.
63 CVE-2005-0103 - Possible file/offsite inclusion in src/webmail.php.
64 CVE-2005-0104 - Possible XSS issues in src/webmail.php.
65 CVE-2005-1769 - Several cross site scripting (XSS) attacks.
66 CVE-2005-2095 - Extraction of all POST variables in advanced identity code.
dfce8fce 67 CVE-2006-0188 - Possible XSS through right_frame parameter in webmail.php.
68 CVE-2006-0195 - Possible XSS in MagicHTML, IE only.
69 CVE-2006-0377 - IMAP injection in sqimap_mailbox_select mailbox parameter.
53bbd9b3 70
71If you use SquirrelMail 1.5.0, you should upgrade to 1.5.1 or downgrade to latest
72stable SquirrelMail version.
f7cd8eb4 73
74Plugin updates
76Added site configuration options to filters, fortune, translate, newmail,
53bbd9b3 77bug_report plugins. Improved newmail and change_password plugins. Fixed data
78corruption issues in calendar plugin.
f7cd8eb4 79
53bbd9b3 80SquirrelSpell plugin was updated to use generic SquirrelMail preference functions.
81User preferences and personal dictionaries that were stored in .words files are
82moved to .pref files or other configured user data storage backend.
f7cd8eb4 83
85Possible issues
53bbd9b3 87Internal SquirrelMail cookie implementation is experimental. If you have cookie
88expiration or corruption issues with some browser and can reproduce them only in
891.5.1 version, contact SquirrelMail developers and help them to debug your issue.
683963df 91SquirrelMail 1.5.1 changed some functions and hooks. login_form hook requires
92different coding style. html_top, html_bottom, internal_link hooks are removed.
93src/move_messages.php code moved to main mailbox listing script. Some hooks are
94broken after implementation of templates in mailbox listing pages. soupNazi()
95function is replaced with checkForJavascript() function. sqimap_messages_delete,
96sqimap_messages_copy, sqimap_messages_flag and sqimap_get_small_header()
97functions are obsoleted. Some IMAP functions return data in different format.
98If plugins depend on changed or removed functions, they will break in this
99SquirrelMail version.
101This SquirrelMail version implemented code that unregisters globals in PHP
102register_globals=on setups. If some plugin loads main SquirrelMail functions
103and depends on PHP register_globals, it will be broken.
53bbd9b3 104
f7cd8eb4 105IMAP sorting/threading
107Backward incompatible changes
109Index order options are modified in 1.5.1 version. If older options are
110detected, interface upgrades to newer option format and deletes old options.
3eb34ffd 111
f7cd8eb4 112In 1.5.1 version SquirrelSpell user dictionaries are saved with generic
113SquirrelMail data functions. Code should copy older dictionary, if dictionary
114version information is not present in user preferences. Once dictionary is
115copied, <username>.words files are obsolete and no longer updated.
a23d0264 116
f7cd8eb4 117If same data directory is used with other backwards incompatible version, older
118SquirrelMail version can lose some user preferences or work with outdated data.
368ab966 119
120Data directory
f7cd8eb4 123The directory data/ used to be included in our tarball. Since placing this dir
124under a web accessible directory is not very wise, we've decided to not pack it
125anymore; you need to create it yourself. Please choose a location that's safe,
126e.g. somewhere under /var.
368ab966 127
f7cd8eb4 129Reporting my favorite SquirrelMail bug
a23d0264 131
f7cd8eb4 132We constantly aim to make SquirrelMail even better. So we need you to submit
133any bug you come across! Also, please mention that the bug is in this 1.5.1
134release, and list your IMAP server and webserver details.
a67a0f59 135
f7cd8eb4 138Thanks for your cooperation with this. That helps us to make sure nothing slips
139through the cracks. Also, it would help if people would check existing tracker
140items for a bug before reporting it again. This would help to eliminate
141duplicate reports, and increase the time we can spend CODING by DECREASING the
142time we spend sorting through bug reports. And remember, check not only OPEN
143bug reports, but also closed ones as a bug that you report MAY have been fixed
144in CVS already.
a67a0f59 145
f7cd8eb4 146If you want to join us in coding SquirrelMail, or have other things to share
147with the developers, join the development mailing list:
a67a0f59 148
a23d0264 149
815d9ba0 150
0ca033d5 151
ef1932a4 152About Our Release Alias
f7cd8eb4 155This release is labeled the "Fire in the Hole" release. "Fire in the hole" is
156a phrase used to warn of the detonation of an explosive device. The phrase may
157have been originated by miners, who made extensive use of explosives while
158working underground.
160Release is created in order to get fixed package after two years of development
161in HEAD branch. Package contains many experimental changes. Changes add new
162features, that can be unstable and cause inconsistent UI. If you want to use
163stable code, you should stick to SquirrelMail 1.4.x series. If you find issues
164in this package, make sure that they are still present in latest development
165code snapshots.
ef1932a4 166
815d9ba0 167 Happy SquirrelMailing!
168 - The SquirrelMail Project Team