start working on 1.5.1 release notes
[squirrelmail.git] / ReleaseNotes
CommitLineData
815d9ba0 1/*****************************************************************
f7cd8eb4 2 * Release Notes: SquirrelMail 1.5.1 *
3 * The "Fire in the Hole" Release *
4 * 2006-02-19 *
5*****************************************************************/
6
7WARNING. If you can read this, then you are reading file from 1.5.1cvs and not
8final release notes.
9
10
815d9ba0 11
a67a0f59 12In this edition of SquirrelMail Release Notes:
ef1932a4 13 * All about this Release!
3eb34ffd 14 * Major updates
f7cd8eb4 15 * Security updates
16 * Plugin updates
17 * Possible issues
18 * Backwards incompatible changes
19 * Data directory changes
20 * Reporting my favorite SquirrelMail bug
a67a0f59 21
ef1932a4 22All about this Release!
23=======================
815d9ba0 24
f7cd8eb4 25This is the second release of our new 1.5.x-series, which is a
bb91e60d 26DEVELOPMENT release.
f11c804f 27
bb91e60d 28See the Major Updates section of this file for more.
a23d0264 29
ef1932a4 30
3eb34ffd 31Major updates
32==============
f7cd8eb4 33Rewritten IMAP functions and added extra data caching code. Internal sorting
34functions should be faster than code used in SquirrelMail 1.5.0 and older
35versions. Data caching should reduce number of IMAP calls in folder management
36and mailbox status functions.
37
38Own gettext implementation replaced with PHP Gettext classes. Update adds
39ngettext and dgettext support.
40
41Templates, css and error handler.
42
43Own cookie functions
44
45Updated wrapping functions in compose.
46
47
48Security updates
49================
50
51This release contains security fixes applied to development branch after 1.5.0
52release.
53CVE-2004-0521 - SQL injection vulnerability in address book.
54CVE-2004-1036 - XSS exploit in decodeHeader function.
55CVE-2005-0075 - Potential file inclusion in preference backend selection code.
56CVE-2005-0103 - Possible file/offsite inclusion in src/webmail.php.
57CVE-2005-0104 - Possible XSS issues in src/webmail.php.
58CVE-2005-1769 - Several cross site scripting (XSS) attacks.
59CVE-2005-2095 - Extraction of all POST variables in advanced identity code.
60
61
62Plugin updates
63==============
64Added site configuration options to filters, fortune, translate, newmail,
65bug_report plugins. Improved newmail and change_password plugins.
66
67SquirrelSpell data storage
68
69
70Possible issues
71===============
72Cookies
73Plugins (changes in hooks and IMAP API)
74IMAP sorting/threading
75
76Backward incompatible changes
77=============================
78Index order options are modified in 1.5.1 version. If older options are
79detected, interface upgrades to newer option format and deletes old options.
3eb34ffd 80
f7cd8eb4 81In 1.5.1 version SquirrelSpell user dictionaries are saved with generic
82SquirrelMail data functions. Code should copy older dictionary, if dictionary
83version information is not present in user preferences. Once dictionary is
84copied, <username>.words files are obsolete and no longer updated.
a23d0264 85
f7cd8eb4 86If same data directory is used with other backwards incompatible version, older
87SquirrelMail version can lose some user preferences or work with outdated data.
368ab966 88
89Data directory
90==============
91
f7cd8eb4 92The directory data/ used to be included in our tarball. Since placing this dir
93under a web accessible directory is not very wise, we've decided to not pack it
94anymore; you need to create it yourself. Please choose a location that's safe,
95e.g. somewhere under /var.
368ab966 96
97
f7cd8eb4 98Reporting my favorite SquirrelMail bug
99======================================
a23d0264 100
f7cd8eb4 101We constantly aim to make SquirrelMail even better. So we need you to submit
102any bug you come across! Also, please mention that the bug is in this 1.5.1
103release, and list your IMAP server and webserver details.
a67a0f59 104
105 http://www.squirrelmail.org/bugs
106
f7cd8eb4 107Thanks for your cooperation with this. That helps us to make sure nothing slips
108through the cracks. Also, it would help if people would check existing tracker
109items for a bug before reporting it again. This would help to eliminate
110duplicate reports, and increase the time we can spend CODING by DECREASING the
111time we spend sorting through bug reports. And remember, check not only OPEN
112bug reports, but also closed ones as a bug that you report MAY have been fixed
113in CVS already.
a67a0f59 114
f7cd8eb4 115If you want to join us in coding SquirrelMail, or have other things to share
116with the developers, join the development mailing list:
a67a0f59 117
a23d0264 118 squirrelmail-devel@lists.sourceforge.net
815d9ba0 119
0ca033d5 120
ef1932a4 121About Our Release Alias
122=======================
123
f7cd8eb4 124This release is labeled the "Fire in the Hole" release. "Fire in the hole" is
125a phrase used to warn of the detonation of an explosive device. The phrase may
126have been originated by miners, who made extensive use of explosives while
127working underground.
128
129Release is created in order to get fixed package after two years of development
130in HEAD branch. Package contains many experimental changes. Changes add new
131features, that can be unstable and cause inconsistent UI. If you want to use
132stable code, you should stick to SquirrelMail 1.4.x series. If you find issues
133in this package, make sure that they are still present in latest development
134code snapshots.
ef1932a4 135
815d9ba0 136 Happy SquirrelMailing!
137 - The SquirrelMail Project Team