ReleaseNotes

   1 /*****************************************************************
   2  * Release Notes: SquirrelMail 1.5.1                             *
   3  * The "Fire in the Hole" Release                                *
   4  * 2006-02-19                                                    *
   5 *****************************************************************/
   6
   7 WARNING. If you can read this, then you are reading file from 1.5.1cvs and not
   8 final release notes.
   9
  10
  11
  12 In this edition of SquirrelMail Release Notes:
  13    * All about this Release!
  14    * Major updates
  15    * Security updates
  16    * Plugin updates
  17    * Possible issues
  18    * Backwards incompatible changes
  19    * Data directory changes
  20    * Reporting my favorite SquirrelMail bug
  21
  22 All about this Release!
  23 =======================
  24
  25 This is the second release of our new 1.5.x-series, which is a
  26 DEVELOPMENT release.
  27
  28 See the Major Updates section of this file for more.
  29
  30
  31 Major updates
  32 ==============
  33 Rewritten IMAP functions and added extra data caching code. Internal sorting
  34 functions should be faster than code used in SquirrelMail 1.5.0 and older
  35 versions. Data caching should reduce number of IMAP calls in folder management
  36 and mailbox status functions.
  37
  38 Own gettext implementation replaced with PHP Gettext classes. Update adds
  39 ngettext and dgettext support.
  40
  41 Templates, css and error handler.
  42
  43 SquirrelMail started using internal cookie functions in order to have more
  44 controls over cookie format. Cookies set with sqsetcookie() function use
  45 extra parameter that secures cookie information in browsers that follow
  46 MSDN cookie specifications.
  47
  48 SquirrelMail IMAP and SMTP libraries updated to allow use of STARTTLS extension.
  49 Code is experimental and requires PHP 5.1.0 or newer with
  50 stream_socket_enable_crypto() function support.
  51
  52 Updated wrapping functions in compose.
  53
  54
  55 Security updates
  56 ================
  57
  58 This release contains security fixes applied to development branch after 1.5.0
  59 release:
  60  CVE-2004-0521 - SQL injection vulnerability in address book.
  61  CVE-2004-1036 - XSS exploit in decodeHeader function.
  62  CVE-2005-0075 - Potential file inclusion in preference backend selection code.
  63  CVE-2005-0103 - Possible file/offsite inclusion in src/webmail.php.
  64  CVE-2005-0104 - Possible XSS issues in src/webmail.php.
  65  CVE-2005-1769 - Several cross site scripting (XSS) attacks.
  66  CVE-2005-2095 - Extraction of all POST variables in advanced identity code.
  67  CVE-2006-0188 - Possible XSS through right_frame parameter in webmail.php.
  68  CVE-2006-0195 - Possible XSS in MagicHTML, IE only.
  69  CVE-2006-0377 - IMAP injection in sqimap_mailbox_select mailbox parameter.
  70
  71 If you use SquirrelMail 1.5.0, you should upgrade to 1.5.1 or downgrade to latest
  72 stable SquirrelMail version.
  73
  74 Plugin updates
  75 ==============
  76 Added site configuration options to filters, fortune, translate, newmail,
  77 bug_report plugins. Improved newmail and change_password plugins. Fixed data
  78 corruption issues in calendar plugin.
  79
  80 SquirrelSpell plugin was updated to use generic SquirrelMail preference functions.
  81 User preferences and personal dictionaries that were stored in .words files are
  82 moved to .pref files or other configured user data storage backend.
  83
  84
  85 Possible issues
  86 ===============
  87 Internal SquirrelMail cookie implementation is experimental. If you have cookie
  88 expiration or corruption issues with some browser and can reproduce them only in
  89 1.5.1 version, contact SquirrelMail developers and help them to debug your issue.
  90
  91 SquirrelMail 1.5.1 changed some functions and hooks. login_form hook requires
  92 different coding style. html_top, html_bottom, internal_link hooks are removed.
  93 src/move_messages.php code moved to main mailbox listing script. Some hooks are
  94 broken after implementation of templates in mailbox listing pages. soupNazi()
  95 function is replaced with checkForJavascript() function. sqimap_messages_delete,
  96 sqimap_messages_copy, sqimap_messages_flag and sqimap_get_small_header()
  97 functions are obsoleted. Some IMAP functions return data in different format.
  98 If plugins depend on changed or removed functions, they will break in this
  99 SquirrelMail version.
 100
 101 This SquirrelMail version implemented code that unregisters globals in PHP
 102 register_globals=on setups. If some plugin loads main SquirrelMail functions
 103 and depends on PHP register_globals, it will be broken.
 104
 105 IMAP sorting/threading
 106
 107 Backward incompatible changes
 108 =============================
 109 Index order options are modified in 1.5.1 version. If older options are
 110 detected, interface upgrades to newer option format and deletes old options.
 111
 112 In 1.5.1 version SquirrelSpell user dictionaries are saved with generic
 113 SquirrelMail data functions. Code should copy older dictionary, if dictionary
 114 version information is not present in user preferences. Once dictionary is
 115 copied, <username>.words files are obsolete and no longer updated.
 116
 117 If same data directory is used with other backwards incompatible version, older
 118 SquirrelMail version can lose some user preferences or work with outdated data.
 119
 120 Data directory
 121 ==============
 122
 123 The directory data/ used to be included in our tarball. Since placing this dir
 124 under a web accessible directory is not very wise, we've decided to not pack it
 125 anymore; you need to create it yourself. Please choose a location that's safe,
 126 e.g. somewhere under /var.
 127
 128
 129 Reporting my favorite SquirrelMail bug
 130 ======================================
 131
 132 We constantly aim to make SquirrelMail even better. So we need you to submit
 133 any bug you come across! Also, please mention that the bug is in this 1.5.1
 134 release, and list your IMAP server and webserver details.
 135
 136    http://www.squirrelmail.org/bugs
 137
 138 Thanks for your cooperation with this. That helps us to make sure nothing slips
 139 through the cracks. Also, it would help if people would check existing tracker
 140 items for a bug before reporting it again. This would help to eliminate
 141 duplicate reports, and increase the time we can spend CODING by DECREASING the
 142 time we spend sorting through bug reports. And remember, check not only OPEN
 143 bug reports, but also closed ones as a bug that you report MAY have been fixed
 144 in CVS already.
 145
 146 If you want to join us in coding SquirrelMail, or have other things to share
 147 with the developers, join the development mailing list:
 148
 149    squirrelmail-devel@lists.sourceforge.net
 150
 151
 152 About Our Release Alias
 153 =======================
 154
 155 This release is labeled the "Fire in the Hole" release. "Fire in the hole" is
 156 a phrase used to warn of the detonation of an explosive device. The phrase may
 157 have been originated by miners, who made extensive use of explosives while
 158 working underground.
 159
 160 Release is created in order to get fixed package after two years of development
 161 in HEAD branch. Package contains many experimental changes. Changes add new
 162 features, that can be unstable and cause inconsistent UI. If you want to use
 163 stable code, you should stick to SquirrelMail 1.4.x series. If you find issues
 164 in this package, make sure that they are still present in latest development
 165 code snapshots.
 166
 167                   Happy SquirrelMailing!
 168                     - The SquirrelMail Project Team