The old thread code caused time outs with a message set of 15000 messages so
[squirrelmail.git] / ReleaseNotes
815d9ba0 1/*****************************************************************
f7cd8eb4 2 * Release Notes: SquirrelMail 1.5.1 *
3 * The "Fire in the Hole" Release *
4 * 2006-02-19 *
5a614456 7WARNING. If you can read this, then you are reading file from 1.5.1cvs and not
f7cd8eb4 8final release notes.
a67a0f59 11In this edition of SquirrelMail Release Notes:
b3eff6ca 12 * All About This Release!
13 * Major Updates
14 * Security Updates
15 * Plugin Updates
16 * Possible Issues
17 * Backwards Incompatible Changes
18 * Data Directory Changes
19 * Reporting Your Favorite SquirrelMail Bug
815d9ba0 21
b3eff6ca 22All About This Release!
5a614456 24This is the second release of our new 1.5.x-series, which is a
25DEVELOPMENT release.
f11c804f 26
b3eff6ca 27See the Major Updates section of this file for more information.
a23d0264 28
ef1932a4 29
b3eff6ca 30Major Updates
3eb34ffd 31==============
b3eff6ca 32Rewritten IMAP functions and optimized IMAP data caching code. Internal
33sorting functions should be faster than code used in SquirrelMail <= 1.5.0.
34Together with the optimized caching code, all the logic concerning sorting has
35been rewritten so that Squirrelmail can display more columns with sort support
36in the messages list. I.e. the From and To column in the same view sorted on
37size. Also, the number of IMAP calls is reduced by smarter caching in the IMAP
38mailbox area and by the optimized header and sort cache code. Reducing the
39amount of IMAP calls will lower the load on your IMAP server and increase
5a614456 40SquirrelMail performance.
b3eff6ca 42In-house gettext implementation replaced with PHP Gettext classes. Update adds
f7cd8eb4 43ngettext and dgettext support.
b3eff6ca 45Begin work on separating the SquirrelMail internal logic from user interface
46related logic. This has resulted in the first (very) rough CSS-based PHP
47templates. In future releases we will finish the mentioned separation and work
48on simpler templates.
5a614456 49
b3eff6ca 50Added JavaScript-based message row highlighting code (disabled by default) for
5a614456 51faster selection of messages in the messages list.
b3eff6ca 53Usage of a centralized error handler. Development will continue in 1.5.2.
f7cd8eb4 54
b3eff6ca 55SquirrelMail has started using internal cookie functions in order to have more
56control over cookie format. Cookies set with sqsetcookie() function now use an
57extra parameter (HttpOnly) to secure cookie information by making the cookie
58not accessible to scripts (particularly, JavaScript). This feature is only
59supported in browsers that follow the MSDN cookie specifications (see
61Currently this is limited to IE6 >= SP1.
53bbd9b3 62
b3eff6ca 63SquirrelMail IMAP and SMTP libraries now support use of STARTTLS extension.
5a614456 64The code is experimental and requires PHP 5.1.0 or newer with
b3eff6ca 65stream_socket_enable_crypto() function support enabled.
f7cd8eb4 66
67Updated wrapping functions in compose.
b3eff6ca 69Added code for advanced searching in messages. Now it's possible to switch
5a614456 70between normal search and advanced search.
f7cd8eb4 72
b3eff6ca 73Security Updates
f7cd8eb4 74================
5a614456 75This release contains security fixes applied to development branch after 1.5.0
53bbd9b3 76release:
77 CVE-2004-0521 - SQL injection vulnerability in address book.
78 CVE-2004-1036 - XSS exploit in decodeHeader function.
79 CVE-2005-0075 - Potential file inclusion in preference backend selection code.
80 CVE-2005-0103 - Possible file/offsite inclusion in src/webmail.php.
81 CVE-2005-0104 - Possible XSS issues in src/webmail.php.
82 CVE-2005-1769 - Several cross site scripting (XSS) attacks.
83 CVE-2005-2095 - Extraction of all POST variables in advanced identity code.
dfce8fce 84 CVE-2006-0188 - Possible XSS through right_frame parameter in webmail.php.
85 CVE-2006-0195 - Possible XSS in MagicHTML, IE only.
86 CVE-2006-0377 - IMAP injection in sqimap_mailbox_select mailbox parameter.
53bbd9b3 87
88If you use SquirrelMail 1.5.0, you should upgrade to 1.5.1 or downgrade to latest
89stable SquirrelMail version.
f7cd8eb4 90
b3eff6ca 91
92Plugin Updates
f7cd8eb4 93==============
b3eff6ca 94Added site configuration options for filters, fortune, translate, newmail,
5a614456 95bug_report plugins. Improved newmail and change_password plugins. Fixed data
53bbd9b3 96corruption issues in calendar plugin.
f7cd8eb4 97
53bbd9b3 98SquirrelSpell plugin was updated to use generic SquirrelMail preference functions.
5a614456 99User preferences and personal dictionaries that were stored in .words files are
53bbd9b3 100moved to .pref files or other configured user data storage backend.
f7cd8eb4 101
b3eff6ca 103Possible Issues
f7cd8eb4 104===============
5a614456 105Internal SquirrelMail cookie implementation is experimental. If you have cookie
b3eff6ca 106expiration or corruption issues and can reproduce them only in 1.5.1 version,
107contact one of the SquirrelMail developers and to help them debug the issue.
53bbd9b3 108
683963df 109SquirrelMail 1.5.1 changed some functions and hooks. login_form hook requires
b3eff6ca 110different coding style. html_top, html_bottom, internal_link hooks have been
111removed. src/move_messages.php code has been moved to the main mailbox listing
112script. Some hooks may be broken after implementation of templates, especially
113in mailbox listing pages. soupNazi() function has been replaced with the
114checkForJavascript() function. sqimap_messages_delete(),
115sqimap_messages_copy(), sqimap_messages_flag() and sqimap_get_small_header()
116functions are now obsolete. Some IMAP functions return data in different
117format. If plugins depend on changed or removed functions, they will break in
118this version of SquirrelMail.
683963df 119
5a614456 120This SquirrelMail version implemented code that unregisters globals in PHP
b3eff6ca 121register_globals=on setups. Plugins that load main SquirrelMail functions and
122depend on PHP register_globals=on will be broken.
53bbd9b3 123
f7cd8eb4 124IMAP sorting/threading
b3eff6ca 125By default, SquirrelMail will make use of the capabilities provided by the IMAP
5a614456 126server. This means that if the IMAP server supports SORT and THREAD sorting then
127SquirrelMail makes use of it. Some broken IMAP servers advertise the SORT and
128THREAD capabilities although they do not support it. For those IMAP servers
129there is a config option to disable the use of SORT and THREAD sort.
f7cd8eb4 130
b3eff6ca 131Backward Incompatible Changes
f7cd8eb4 132=============================
5a614456 133Index order options are modified in 1.5.1 version. If older options are
f7cd8eb4 134detected, interface upgrades to newer option format and deletes old options.
3eb34ffd 135
b3eff6ca 136In version 1.5.1, SquirrelSpell user dictionaries are saved with generic
137SquirrelMail data functions. SquirrelSpell should copy older dictionaries
138if dictionary version information is not present in user preferences. Once
139the dictionary is copied, <username>.words files are obsolete and no longer
a23d0264 141
b3eff6ca 142If the same data directory is used with other backwards incompatible versions,
143the older SquirrelMail version may lose some user preferences or work with
144outdated data. Admins are advised to use a separate data directory for the
1451.5.1 release. The data directory can be configured by running configure.
5a614456 146
b3eff6ca 147Data Directory
368ab966 148==============
b3eff6ca 149The directory data/ is no longer included in our tarball. Since placing this
150directory under a web-accessible directory is not very wise, we've decided to
151not pack it anymore. Admins will need to create it. Please choose a location
152that's safe (not web accessible), e.g. /var/squirrelmail/data.
154Reporting Your Favorite SquirrelMail Bug
156We constantly aim to make SquirrelMail even better, so we need you to submit
157any bugs you come across! Also, please mention that the bug is in this release
158(version 1.5.1), and list your IMAP server and web server details. Bugs can be
159submitted at:
a67a0f59 160
b3eff6ca 163Thanks for your cooperation with this. This helps ensure that nothing slips
164through the cracks. Also, please search the bug database for existing items
165before submitting a new bug. This will help to eliminate duplicate reports and
166increase the time we can spend FIXING existing bugs by DECREASING the time we
167spend sorting through bug reports. Remember to check for CLOSED bug reports
168also, not just OPEN bug reports, in case a bug you want to report may have been
169recently fixed in CVS.
a67a0f59 170
5a614456 171If you want to join us in coding SquirrelMail, or have other things to share
f7cd8eb4 172with the developers, join the development mailing list:
a67a0f59 173
a23d0264 174
815d9ba0 175
0ca033d5 176
ef1932a4 177About Our Release Alias
b3eff6ca 179This release is labeled the "Fire in the Hole" release. "Fire in the Hole" is
5a614456 180a phrase used to warn of the detonation of an explosive device. The phrase may
181have been originated by miners, who made extensive use of explosives while
f7cd8eb4 182working underground.
b3eff6ca 184This release has been created to get a fixed package after more than two years
185of development in the CVS HEAD branch. This package contains many experimental
186changes. These changes add new features that can/will be unstable and/or
187create an inconsistent UI. If you want to use stable code, you should stick to
188the 1.4.x series of SquirrelMail. If you find issues in this package, make
189sure that they are still present in the latest development code snapshots. To
190obtain thelatest development snapshot, see
ef1932a4 193
815d9ba0 194 Happy SquirrelMailing!
195 - The SquirrelMail Project Team