ReleaseNotes

   1 /*****************************************************************
   2  * Release Notes: SquirrelMail 1.5.1                             *
   3  * The "Fire in the Hole" Release                                *
   4  * 2006-02-19                                                    *
   5 *****************************************************************/
   6
   7 WARNING. If you can read this, then you are reading file from 1.5.1cvs and not
   8 final release notes.
   9
  10
  11 In this edition of SquirrelMail Release Notes:
  12    * All About This Release!
  13    * Major Updates
  14    * Security Updates
  15    * Plugin Updates
  16    * Possible Issues
  17    * Backwards Incompatible Changes
  18    * Data Directory Changes
  19    * Reporting Your Favorite SquirrelMail Bug
  20
  21
  22 All About This Release!
  23 =======================
  24 This is the second release of our new 1.5.x-series, which is a
  25 DEVELOPMENT release.
  26
  27 See the Major Updates section of this file for more information.
  28
  29
  30 Major Updates
  31 ==============
  32 Rewritten IMAP functions and optimized IMAP data caching code. Internal
  33 sorting functions should be faster than code used in SquirrelMail <= 1.5.0.
  34 Together with the optimized caching code, all the logic concerning sorting has
  35 been rewritten so that Squirrelmail can display more columns with sort support
  36 in the messages list. I.e. the From and To column in the same view sorted on
  37 size.  Also, the number of IMAP calls is reduced by smarter caching in the IMAP
  38 mailbox area and by the optimized header and sort cache code.  Reducing the
  39 amount of IMAP calls will lower the load on your IMAP server and  increase
  40 SquirrelMail performance.
  41
  42 In-house gettext implementation replaced with PHP Gettext classes. Update adds
  43 ngettext and dgettext support.
  44
  45 Begin work on separating the SquirrelMail internal logic from user interface
  46 related logic.  This has resulted in the first (very) rough CSS-based PHP
  47 templates.  In future releases we will finish the mentioned separation and work
  48 on simpler templates.
  49
  50 Added JavaScript-based message row highlighting code (disabled by default) for
  51 faster selection of messages in the messages list.
  52
  53 Usage of a centralized error handler.  Development will continue in 1.5.2.
  54
  55 SquirrelMail has started using internal cookie functions in order to have more
  56 control over cookie format. Cookies set with sqsetcookie() function now use an
  57 extra parameter (HttpOnly) to secure cookie information by making the cookie
  58 not accessible to scripts (particularly, JavaScript).  This feature is only
  59 supported in browsers that follow the MSDN cookie specifications (see
  60 http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp).
  61 Currently this is limited to IE6 >= SP1.
  62
  63 SquirrelMail IMAP and SMTP libraries now support use of STARTTLS extension.
  64 The code is experimental and requires PHP 5.1.0 or newer with
  65 stream_socket_enable_crypto() function support enabled.
  66
  67 Updated wrapping functions in compose.
  68
  69 Added code for advanced searching in messages. Now it's possible to switch
  70 between normal search and advanced search.
  71
  72
  73 Security Updates
  74 ================
  75 This release contains security fixes applied to development branch after 1.5.0
  76 release:
  77  CVE-2004-0521 - SQL injection vulnerability in address book.
  78  CVE-2004-1036 - XSS exploit in decodeHeader function.
  79  CVE-2005-0075 - Potential file inclusion in preference backend selection code.
  80  CVE-2005-0103 - Possible file/offsite inclusion in src/webmail.php.
  81  CVE-2005-0104 - Possible XSS issues in src/webmail.php.
  82  CVE-2005-1769 - Several cross site scripting (XSS) attacks.
  83  CVE-2005-2095 - Extraction of all POST variables in advanced identity code.
  84  CVE-2006-0188 - Possible XSS through right_frame parameter in webmail.php.
  85  CVE-2006-0195 - Possible XSS in MagicHTML, IE only.
  86  CVE-2006-0377 - IMAP injection in sqimap_mailbox_select mailbox parameter.
  87
  88 If you use SquirrelMail 1.5.0, you should upgrade to 1.5.1 or downgrade to latest
  89 stable SquirrelMail version.
  90
  91
  92 Plugin Updates
  93 ==============
  94 Added site configuration options for filters, fortune, translate, newmail,
  95 bug_report plugins. Improved newmail and change_password plugins. Fixed data
  96 corruption issues in calendar plugin.
  97
  98 SquirrelSpell plugin was updated to use generic SquirrelMail preference functions.
  99 User preferences and personal dictionaries that were stored in .words files are
 100 moved to .pref files or other configured user data storage backend.
 101
 102
 103 Possible Issues
 104 ===============
 105 Internal SquirrelMail cookie implementation is experimental. If you have cookie
 106 expiration or corruption issues and can reproduce them only in 1.5.1 version,
 107 contact one of the SquirrelMail developers and to help them debug the issue.
 108
 109 SquirrelMail 1.5.1 changed some functions and hooks. login_form hook requires
 110 different coding style.  html_top, html_bottom, internal_link hooks have been
 111 removed.  src/move_messages.php code has been moved to the main mailbox listing
 112 script. Some hooks may be broken after implementation of templates, especially
 113 in mailbox listing pages.  soupNazi() function has been replaced with the
 114 checkForJavascript() function.  sqimap_messages_delete(),
 115 sqimap_messages_copy(), sqimap_messages_flag() and sqimap_get_small_header()
 116 functions are now obsolete.  Some IMAP functions return data in different
 117 format.  If plugins depend on changed or removed functions, they will break in
 118 this version of SquirrelMail.
 119
 120 This SquirrelMail version implemented code that unregisters globals in PHP
 121 register_globals=on setups.  Plugins that load main SquirrelMail functions and
 122 depend on PHP register_globals=on will be broken.
 123
 124 IMAP sorting/threading
 125 By default, SquirrelMail will make use of the capabilities provided by the IMAP
 126 server. This means that if the IMAP server supports SORT and THREAD sorting then
 127 SquirrelMail makes use of it. Some broken IMAP servers advertise the SORT and
 128 THREAD capabilities although they do not support it. For those IMAP servers
 129 there is a config option to disable the use of SORT and THREAD sort.
 130
 131 Backward Incompatible Changes
 132 =============================
 133 Index order options are modified in 1.5.1 version. If older options are
 134 detected, interface upgrades to newer option format and deletes old options.
 135
 136 In version 1.5.1, SquirrelSpell user dictionaries are saved with generic
 137 SquirrelMail data functions.  SquirrelSpell should copy older dictionaries
 138 if dictionary version information is not present in user preferences. Once
 139 the dictionary is copied, <username>.words files are obsolete and no longer
 140 updated.
 141
 142 If the same data directory is used with other backwards incompatible versions,
 143 the older SquirrelMail version may lose some user preferences or work with
 144 outdated data.  Admins are advised to use a separate data directory for the
 145 1.5.1 release.  The data directory can be configured by running configure.
 146
 147 Data Directory
 148 ==============
 149 The directory data/ is no longer included in our tarball. Since placing this
 150 directory under a web-accessible directory is not very wise, we've decided to
 151 not pack it anymore.  Admins will need to create it. Please choose a location
 152 that's safe (not web accessible), e.g. /var/squirrelmail/data.
 153
 154 Reporting Your Favorite SquirrelMail Bug
 155 ========================================
 156 We constantly aim to make SquirrelMail even better, so we need you to submit
 157 any bugs you come across! Also, please mention that the bug is in this release
 158 (version 1.5.1), and list your IMAP server and web server details.  Bugs can be
 159 submitted at:
 160
 161    http://www.squirrelmail.org/bugs
 162
 163 Thanks for your cooperation with this. This helps ensure that nothing slips
 164 through the cracks.  Also, please search the bug database for existing items
 165 before submitting a new bug.  This will help to eliminate duplicate reports and
 166 increase the time we can spend FIXING existing bugs by DECREASING the time we
 167 spend sorting through bug reports.  Remember to check for CLOSED bug reports
 168 also, not just OPEN bug reports, in case a bug you want to report may have been
 169 recently fixed in CVS.
 170
 171 If you want to join us in coding SquirrelMail, or have other things to share
 172 with the developers, join the development mailing list:
 173
 174    squirrelmail-devel@lists.sourceforge.net
 175
 176
 177 About Our Release Alias
 178 =======================
 179 This release is labeled the "Fire in the Hole" release. "Fire in the Hole" is
 180 a phrase used to warn of the detonation of an explosive device. The phrase may
 181 have been originated by miners, who made extensive use of explosives while
 182 working underground.
 183
 184 This release has been created to get a fixed package after more than two years
 185 of development in the CVS HEAD branch.  This package contains many experimental
 186 changes.  These changes add new features that can/will be unstable and/or
 187 create an inconsistent UI.  If you want to use stable code, you should stick to
 188 the 1.4.x series of SquirrelMail.  If you find issues in this package, make
 189 sure that they are still present in the latest development code snapshots.  To
 190 obtain thelatest development snapshot, see
 191
 192         http://www.squirrelmail.org/download.php#snapshot
 193
 194                   Happy SquirrelMailing!
 195                     - The SquirrelMail Project Team