ReleaseNotes

   1 /*****************************************************************
   2  * Release Notes: SquirrelMail 1.5.1                             *
   3  * The "Fire in the Hole" Release                                *
   4  * 2006-02-19                                                    *
   5 *****************************************************************/
   6
   7 WARNING. If you can read this, then you are reading file from 1.5.1cvs and not
   8 final release notes.
   9
  10
  11
  12 In this edition of SquirrelMail Release Notes:
  13    * All about this Release!
  14    * Major updates
  15    * Security updates
  16    * Plugin updates
  17    * Possible issues
  18    * Backwards incompatible changes
  19    * Data directory changes
  20    * Reporting my favorite SquirrelMail bug
  21
  22 All about this Release!
  23 =======================
  24
  25 This is the second release of our new 1.5.x-series, which is a
  26 DEVELOPMENT release.
  27
  28 See the Major Updates section of this file for more.
  29
  30
  31 Major updates
  32 ==============
  33 Rewritten IMAP functions and added extra data caching code. Internal sorting
  34 functions should be faster than code used in SquirrelMail 1.5.0 and older
  35 versions. Data caching should reduce number of IMAP calls in folder management
  36 and mailbox status functions.
  37
  38 Own gettext implementation replaced with PHP Gettext classes. Update adds
  39 ngettext and dgettext support.
  40
  41 Templates, css and error handler.
  42
  43 Own cookie functions
  44
  45 Updated wrapping functions in compose.
  46
  47
  48 Security updates
  49 ================
  50
  51 This release contains security fixes applied to development branch after 1.5.0
  52 release.
  53 CVE-2004-0521 - SQL injection vulnerability in address book.
  54 CVE-2004-1036 - XSS exploit in decodeHeader function.
  55 CVE-2005-0075 - Potential file inclusion in preference backend selection code.
  56 CVE-2005-0103 - Possible file/offsite inclusion in src/webmail.php.
  57 CVE-2005-0104 - Possible XSS issues in src/webmail.php.
  58 CVE-2005-1769 - Several cross site scripting (XSS) attacks.
  59 CVE-2005-2095 - Extraction of all POST variables in advanced identity code.
  60
  61
  62 Plugin updates
  63 ==============
  64 Added site configuration options to filters, fortune, translate, newmail,
  65 bug_report plugins. Improved newmail and change_password plugins.
  66
  67 SquirrelSpell data storage
  68
  69
  70 Possible issues
  71 ===============
  72 Cookies
  73 Plugins (changes in hooks and IMAP API)
  74 IMAP sorting/threading
  75
  76 Backward incompatible changes
  77 =============================
  78 Index order options are modified in 1.5.1 version. If older options are
  79 detected, interface upgrades to newer option format and deletes old options.
  80
  81 In 1.5.1 version SquirrelSpell user dictionaries are saved with generic
  82 SquirrelMail data functions. Code should copy older dictionary, if dictionary
  83 version information is not present in user preferences. Once dictionary is
  84 copied, <username>.words files are obsolete and no longer updated.
  85
  86 If same data directory is used with other backwards incompatible version, older
  87 SquirrelMail version can lose some user preferences or work with outdated data.
  88
  89 Data directory
  90 ==============
  91
  92 The directory data/ used to be included in our tarball. Since placing this dir
  93 under a web accessible directory is not very wise, we've decided to not pack it
  94 anymore; you need to create it yourself. Please choose a location that's safe,
  95 e.g. somewhere under /var.
  96
  97
  98 Reporting my favorite SquirrelMail bug
  99 ======================================
 100
 101 We constantly aim to make SquirrelMail even better. So we need you to submit
 102 any bug you come across! Also, please mention that the bug is in this 1.5.1
 103 release, and list your IMAP server and webserver details.
 104
 105    http://www.squirrelmail.org/bugs
 106
 107 Thanks for your cooperation with this. That helps us to make sure nothing slips
 108 through the cracks. Also, it would help if people would check existing tracker
 109 items for a bug before reporting it again. This would help to eliminate
 110 duplicate reports, and increase the time we can spend CODING by DECREASING the
 111 time we spend sorting through bug reports. And remember, check not only OPEN
 112 bug reports, but also closed ones as a bug that you report MAY have been fixed
 113 in CVS already.
 114
 115 If you want to join us in coding SquirrelMail, or have other things to share
 116 with the developers, join the development mailing list:
 117
 118    squirrelmail-devel@lists.sourceforge.net
 119
 120
 121 About Our Release Alias
 122 =======================
 123
 124 This release is labeled the "Fire in the Hole" release. "Fire in the hole" is
 125 a phrase used to warn of the detonation of an explosive device. The phrase may
 126 have been originated by miners, who made extensive use of explosives while
 127 working underground.
 128
 129 Release is created in order to get fixed package after two years of development
 130 in HEAD branch. Package contains many experimental changes. Changes add new
 131 features, that can be unstable and cause inconsistent UI. If you want to use
 132 stable code, you should stick to SquirrelMail 1.4.x series. If you find issues
 133 in this package, make sure that they are still present in latest development
 134 code snapshots.
 135
 136                   Happy SquirrelMailing!
 137                     - The SquirrelMail Project Team