[squirrelmail.git] / ReleaseNotes

/*****************************************************************
 * Release Notes: SquirrelMail 1.5.1                             *
 * The "Fire in the Hole" Release                                *
 * 2006-02-19                                                    *
*****************************************************************/

WARNING. If you can read this, then you are reading file from 1.5.1cvs and not
final release notes.


In this edition of SquirrelMail Release Notes:
   * All about this Release!
   * Major updates
   * Security updates
   * Plugin updates
   * Possible issues
   * Backwards incompatible changes
   * Data directory changes
   * Reporting my favorite SquirrelMail bug

All about this Release!
=======================

This is the second release of our new 1.5.x-series, which is a
DEVELOPMENT release.

See the Major Updates section of this file for more.


Major updates
==============
Rewritten IMAP functions and added optimized imap data caching code. Internal
sorting functions should be faster than code used in SquirrelMail 1.5.0 and
older versions. Together with the optimized caching code all the logic
concerning sorting is rewritten in order to achieve that Squirrelmail can
display more columns with sort support in the messages list. I.e. the From and
To column in the same view sorted on size.
The amount of IMAP calls is reduced by smarter caching in the imap mailbox area
and the  optimized header- and sort cache as described before. Reducing the
amount of IMAP calls will lower the load of your IMAP server and increase the
SquirrelMail performance.

Own gettext implementation replaced with PHP Gettext classes. Update adds
ngettext and dgettext support.

Initiation of separating the SquirrelMail internal logic from user interface
related logic which resulted in the first rough css based templates in php. In
future releases we finish the mentioned separation and work on simpler
templates.

Added javascript based message row highlighting code (disabled by default) for
faster selection of messages in the messages list.

Usage of a centralized error handler (moving process continues in 1.5.2).

SquirrelMail started using internal cookie functions in order to have more
controls over cookie format. Cookies set with sqsetcookie() function use
extra parameter (HttpOnly) that protects cookie information for javascript
access in browsers that follow MSDN cookie specifications (currently recent IE6
versions).

SquirrelMail IMAP and SMTP libraries updated to allow use of STARTTLS extension.
The code is experimental and requires PHP 5.1.0 or newer with
stream_socket_enable_crypto() function support.

Updated wrapping functions in compose.

Added code for advanced searching in message. Now it's possible to switch
between normal search and advanced search.


Security updates
================

This release contains security fixes applied to development branch after 1.5.0
release:
 CVE-2004-0521 - SQL injection vulnerability in address book.
 CVE-2004-1036 - XSS exploit in decodeHeader function.
 CVE-2005-0075 - Potential file inclusion in preference backend selection code.
 CVE-2005-0103 - Possible file/offsite inclusion in src/webmail.php.
 CVE-2005-0104 - Possible XSS issues in src/webmail.php.
 CVE-2005-1769 - Several cross site scripting (XSS) attacks.
 CVE-2005-2095 - Extraction of all POST variables in advanced identity code.
 CVE-2006-0188 - Possible XSS through right_frame parameter in webmail.php.
 CVE-2006-0195 - Possible XSS in MagicHTML, IE only.
 CVE-2006-0377 - IMAP injection in sqimap_mailbox_select mailbox parameter.

If you use SquirrelMail 1.5.0, you should upgrade to 1.5.1 or downgrade to latest
stable SquirrelMail version.

Plugin updates
==============
Added site configuration options to filters, fortune, translate, newmail,
bug_report plugins. Improved newmail and change_password plugins. Fixed data
corruption issues in calendar plugin.

SquirrelSpell plugin was updated to use generic SquirrelMail preference functions.
User preferences and personal dictionaries that were stored in .words files are
moved to .pref files or other configured user data storage backend.


Possible issues
===============
Internal SquirrelMail cookie implementation is experimental. If you have cookie
expiration or corruption issues with some browser and can reproduce them only in
1.5.1 version, contact one of the SquirrelMail developers and help them to debug
your issue.

SquirrelMail 1.5.1 changed some functions and hooks. login_form hook requires
different coding style. html_top, html_bottom, internal_link hooks are removed.
src/move_messages.php code moved to main mailbox listing script. Some hooks are
broken after implementation of templates in mailbox listing pages. soupNazi()
function is replaced with checkForJavascript() function. sqimap_messages_delete,
sqimap_messages_copy, sqimap_messages_flag and sqimap_get_small_header()
functions are obsoleted. Some IMAP functions return data in different format.
If plugins depend on changed or removed functions, they will break in this
SquirrelMail version.

This SquirrelMail version implemented code that unregisters globals in PHP
register_globals=on setups. If some plugin loads main SquirrelMail functions
and depends on PHP register_globals, it will be broken.

IMAP sorting/threading
By default SquirrelMail will make use of the capabilities provided by the IMAP
server. This means that if the IMAP server supports SORT and THREAD sorting then
SquirrelMail makes use of it. Some broken IMAP servers advertise the SORT and
THREAD capabilities although they do not support it. For those IMAP servers
there is a config option to disable the use of SORT and THREAD sort.

Backward incompatible changes
=============================
Index order options are modified in 1.5.1 version. If older options are
detected, interface upgrades to newer option format and deletes old options.

In 1.5.1 version SquirrelSpell user dictionaries are saved with generic
SquirrelMail data functions. Code should copy older dictionary, if dictionary
version information is not present in user preferences. Once dictionary is
copied, <username>.words files are obsolete and no longer updated.

If the same data directory is used with other backwards incompatible version,
the older SquirrelMail version can lose some user preferences or work with
outdated data. We advise to use separate data directory for the 1.5.1 release.
The data directory can be configured by running configure.


Data directory
==============

The directory data/ used to be included in our tarball. Since placing this dir
under a web accessible directory is not very wise, we've decided to not pack it
anymore; you need to create it yourself. Please choose a location that's safe,
e.g. somewhere under /var.


Reporting my favorite SquirrelMail bug
======================================

We constantly aim to make SquirrelMail even better. So we need you to submit
any bug you come across! Also, please mention that the bug is in this 1.5.1
release, and list your IMAP server and webserver details.

   http://www.squirrelmail.org/bugs

Thanks for your cooperation with this. That helps us to make sure nothing slips
through the cracks. Also, it would help if people would check existing tracker
items for a bug before reporting it again. This would help to eliminate
duplicate reports, and increase the time we can spend CODING by DECREASING the
time we spend sorting through bug reports. And remember, check not only OPEN
bug reports, but also closed ones as a bug that you report MAY have been fixed
in CVS already.

If you want to join us in coding SquirrelMail, or have other things to share
with the developers, join the development mailing list:

   squirrelmail-devel@lists.sourceforge.net


About Our Release Alias
=======================

This release is labeled the "Fire in the Hole" release. "Fire in the hole" is
a phrase used to warn of the detonation of an explosive device. The phrase may
have been originated by miners, who made extensive use of explosives while
working underground.

Release is created in order to get fixed package after two years of development
in HEAD branch. Package contains many experimental changes. Changes add new
features, that can be unstable and cause inconsistent UI. If you want to use
stable code, you should stick to SquirrelMail 1.4.x series. If you find issues
in this package, make sure that they are still present in latest development
code snapshots.

                  Happy SquirrelMailing!
                    - The SquirrelMail Project Team
Commit	Line	Data
	1	/*****************************************************************
	2	* Release Notes: SquirrelMail 1.5.1 *
	3	* The "Fire in the Hole" Release *
	4	* 2006-02-19 *
	5	*****************************************************************/
	6
	7	WARNING. If you can read this, then you are reading file from 1.5.1cvs and not
	8	final release notes.
	9
	10
	11
	12	In this edition of SquirrelMail Release Notes:
	13	* All about this Release!
	14	* Major updates
	15	* Security updates
	16	* Plugin updates
	17	* Possible issues
	18	* Backwards incompatible changes
	19	* Data directory changes
	20	* Reporting my favorite SquirrelMail bug
	21
	22	All about this Release!
	23	=======================
	24
	25	This is the second release of our new 1.5.x-series, which is a
	26	DEVELOPMENT release.
	27
	28	See the Major Updates section of this file for more.
	29
	30
	31	Major updates
	32	==============
	33	Rewritten IMAP functions and added optimized imap data caching code. Internal
	34	sorting functions should be faster than code used in SquirrelMail 1.5.0 and
	35	older versions. Together with the optimized caching code all the logic
	36	concerning sorting is rewritten in order to achieve that Squirrelmail can
	37	display more columns with sort support in the messages list. I.e. the From and
	38	To column in the same view sorted on size.
	39	The amount of IMAP calls is reduced by smarter caching in the imap mailbox area
	40	and the optimized header- and sort cache as described before. Reducing the
	41	amount of IMAP calls will lower the load of your IMAP server and increase the
	42	SquirrelMail performance.
	43
	44	Own gettext implementation replaced with PHP Gettext classes. Update adds
	45	ngettext and dgettext support.
	46
	47	Initiation of separating the SquirrelMail internal logic from user interface
	48	related logic which resulted in the first rough css based templates in php. In
	49	future releases we finish the mentioned separation and work on simpler
	50	templates.
	51
	52	Added javascript based message row highlighting code (disabled by default) for
	53	faster selection of messages in the messages list.
	54
	55	Usage of a centralized error handler (moving process continues in 1.5.2).
	56
	57	SquirrelMail started using internal cookie functions in order to have more
	58	controls over cookie format. Cookies set with sqsetcookie() function use
	59	extra parameter (HttpOnly) that protects cookie information for javascript
	60	access in browsers that follow MSDN cookie specifications (currently recent IE6
	61	versions).
	62
	63	SquirrelMail IMAP and SMTP libraries updated to allow use of STARTTLS extension.
	64	The code is experimental and requires PHP 5.1.0 or newer with
	65	stream_socket_enable_crypto() function support.
	66
	67	Updated wrapping functions in compose.
	68
	69	Added code for advanced searching in message. Now it's possible to switch
	70	between normal search and advanced search.
	71
	72
	73	Security updates
	74	================
	75
	76	This release contains security fixes applied to development branch after 1.5.0
	77	release:
	78	CVE-2004-0521 - SQL injection vulnerability in address book.
	79	CVE-2004-1036 - XSS exploit in decodeHeader function.
	80	CVE-2005-0075 - Potential file inclusion in preference backend selection code.
	81	CVE-2005-0103 - Possible file/offsite inclusion in src/webmail.php.
	82	CVE-2005-0104 - Possible XSS issues in src/webmail.php.
	83	CVE-2005-1769 - Several cross site scripting (XSS) attacks.
	84	CVE-2005-2095 - Extraction of all POST variables in advanced identity code.
	85	CVE-2006-0188 - Possible XSS through right_frame parameter in webmail.php.
	86	CVE-2006-0195 - Possible XSS in MagicHTML, IE only.
	87	CVE-2006-0377 - IMAP injection in sqimap_mailbox_select mailbox parameter.
	88
	89	If you use SquirrelMail 1.5.0, you should upgrade to 1.5.1 or downgrade to latest
	90	stable SquirrelMail version.
	91
	92	Plugin updates
	93	==============
	94	Added site configuration options to filters, fortune, translate, newmail,
	95	bug_report plugins. Improved newmail and change_password plugins. Fixed data
	96	corruption issues in calendar plugin.
	97
	98	SquirrelSpell plugin was updated to use generic SquirrelMail preference functions.
	99	User preferences and personal dictionaries that were stored in .words files are
	100	moved to .pref files or other configured user data storage backend.
	101
	102
	103	Possible issues
	104	===============
	105	Internal SquirrelMail cookie implementation is experimental. If you have cookie
	106	expiration or corruption issues with some browser and can reproduce them only in
	107	1.5.1 version, contact one of the SquirrelMail developers and help them to debug
	108	your issue.
	109
	110	SquirrelMail 1.5.1 changed some functions and hooks. login_form hook requires
	111	different coding style. html_top, html_bottom, internal_link hooks are removed.
	112	src/move_messages.php code moved to main mailbox listing script. Some hooks are
	113	broken after implementation of templates in mailbox listing pages. soupNazi()
	114	function is replaced with checkForJavascript() function. sqimap_messages_delete,
	115	sqimap_messages_copy, sqimap_messages_flag and sqimap_get_small_header()
	116	functions are obsoleted. Some IMAP functions return data in different format.
	117	If plugins depend on changed or removed functions, they will break in this
	118	SquirrelMail version.
	119
	120	This SquirrelMail version implemented code that unregisters globals in PHP
	121	register_globals=on setups. If some plugin loads main SquirrelMail functions
	122	and depends on PHP register_globals, it will be broken.
	123
	124	IMAP sorting/threading
	125	By default SquirrelMail will make use of the capabilities provided by the IMAP
	126	server. This means that if the IMAP server supports SORT and THREAD sorting then
	127	SquirrelMail makes use of it. Some broken IMAP servers advertise the SORT and
	128	THREAD capabilities although they do not support it. For those IMAP servers
	129	there is a config option to disable the use of SORT and THREAD sort.
	130
	131	Backward incompatible changes
	132	=============================
	133	Index order options are modified in 1.5.1 version. If older options are
	134	detected, interface upgrades to newer option format and deletes old options.
	135
	136	In 1.5.1 version SquirrelSpell user dictionaries are saved with generic
	137	SquirrelMail data functions. Code should copy older dictionary, if dictionary
	138	version information is not present in user preferences. Once dictionary is
	139	copied, <username>.words files are obsolete and no longer updated.
	140
	141	If the same data directory is used with other backwards incompatible version,
	142	the older SquirrelMail version can lose some user preferences or work with
	143	outdated data. We advise to use separate data directory for the 1.5.1 release.
	144	The data directory can be configured by running configure.
	145
	146
	147	Data directory
	148	==============
	149
	150	The directory data/ used to be included in our tarball. Since placing this dir
	151	under a web accessible directory is not very wise, we've decided to not pack it
	152	anymore; you need to create it yourself. Please choose a location that's safe,
	153	e.g. somewhere under /var.
	154
	155
	156	Reporting my favorite SquirrelMail bug
	157	======================================
	158
	159	We constantly aim to make SquirrelMail even better. So we need you to submit
	160	any bug you come across! Also, please mention that the bug is in this 1.5.1
	161	release, and list your IMAP server and webserver details.
	162
	163	http://www.squirrelmail.org/bugs
	164
	165	Thanks for your cooperation with this. That helps us to make sure nothing slips
	166	through the cracks. Also, it would help if people would check existing tracker
	167	items for a bug before reporting it again. This would help to eliminate
	168	duplicate reports, and increase the time we can spend CODING by DECREASING the
	169	time we spend sorting through bug reports. And remember, check not only OPEN
	170	bug reports, but also closed ones as a bug that you report MAY have been fixed
	171	in CVS already.
	172
	173	If you want to join us in coding SquirrelMail, or have other things to share
	174	with the developers, join the development mailing list:
	175
	176	squirrelmail-devel@lists.sourceforge.net
	177
	178
	179	About Our Release Alias
	180	=======================
	181
	182	This release is labeled the "Fire in the Hole" release. "Fire in the hole" is
	183	a phrase used to warn of the detonation of an explosive device. The phrase may
	184	have been originated by miners, who made extensive use of explosives while
	185	working underground.
	186
	187	Release is created in order to get fixed package after two years of development
	188	in HEAD branch. Package contains many experimental changes. Changes add new
	189	features, that can be unstable and cause inconsistent UI. If you want to use
	190	stable code, you should stick to SquirrelMail 1.4.x series. If you find issues
	191	in this package, make sure that they are still present in latest development
	192	code snapshots.
	193
	194	Happy SquirrelMailing!
	195	- The SquirrelMail Project Team