More work on the release notes. Please look at it carefully because both
/*****************************************************************
 * Release Notes: SquirrelMail 1.5.1                             *
 * The "Fire in the Hole" Release                                *
 * 2006-02-19                                                    *
 *****************************************************************/

WARNING: If you can read this, you are reading the file from 1.5.1cvs and not
the final release notes.



In this edition of SquirrelMail Release Notes:
  * All about this Release!
  * Major updates
  * Security updates
  * Plugin updates
  * Possible issues
  * Backwards incompatible changes
  * Data directory changes
  * Reporting my favorite SquirrelMail bug

All about this Release!
=======================

This is the second release of our new 1.5.x-series, which is a
DEVELOPMENT release.

See the Major Updates section of this file for more.


Major updates
==============
The IMAP functions were rewritten and optimized IMAP data caching code was
added. The internal sorting functions should be faster than the code used in
SquirrelMail 1.5.0 and older versions. Together with the optimized caching
code, all of the sorting logic was rewritten so that SquirrelMail can display
more columns with sort support in the message list, for example the From and
To columns in the same view, sorted by size.
The number of IMAP calls is reduced by smarter caching in the IMAP mailbox area
and by the optimized header and sort caches described above. Fewer IMAP calls
lower the load on your IMAP server and improve SquirrelMail performance.

SquirrelMail's own gettext implementation was replaced with the PHP Gettext
classes. The update adds ngettext and dgettext support.

Work has started on separating SquirrelMail's internal logic from
user-interface logic, which resulted in the first rough CSS-based templates in
PHP. In future releases we will finish this separation and work on simpler
templates.

Added JavaScript-based message row highlighting code (disabled by default) for
faster selection of messages in the message list.

A centralized error handler is now used (the move to it continues in 1.5.2).

SquirrelMail started using internal cookie functions in order to have more
control over the cookie format. Cookies set with the sqsetcookie() function use
an extra parameter (HttpOnly) that protects cookie information from JavaScript
access in browsers that follow the MSDN cookie specifications (currently recent
IE6 versions).

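Added example, not SquirrelMail's sqsetcookie() code: one way to send a cookie
with the HttpOnly attribute by building the Set-Cookie header by hand, as is
needed when PHP's setcookie() has no httponly argument. build_cookie_header()
and the sample values are hypothetical.

```php
<?php
// Added example; build_cookie_header() is a hypothetical helper, not sqsetcookie().

/**
 * Build a Set-Cookie header line that carries the HttpOnly attribute.
 * Returns false for names or attributes that could break out of the header.
 */
function build_cookie_header($name, $value, $expire = 0, $path = '/',
                             $domain = '', $secure = false, $httponly = true)
{
    // Cookie names must not contain separators, whitespace or control characters.
    if ($name === '' || preg_match('/[=,;\s\x00-\x1f\x7f]/', $name)) {
        return false;
    }
    // Path and domain are copied verbatim, so refuse ';', CR and LF in them.
    if (preg_match('/[;\r\n]/', $path . $domain)) {
        return false;
    }
    // Encode the value so ';', CR and LF cannot add attributes or extra headers.
    $header = 'Set-Cookie: ' . $name . '=' . rawurlencode($value);
    if ($expire > 0) {
        $header .= '; expires=' . gmdate('D, d-M-Y H:i:s', $expire) . ' GMT';
    }
    if ($path !== '')   { $header .= '; path=' . $path; }
    if ($domain !== '') { $header .= '; domain=' . $domain; }
    if ($secure)        { $header .= '; secure'; }
    // HttpOnly asks the browser to hide the cookie from document.cookie.
    if ($httponly)      { $header .= '; HttpOnly'; }
    return $header;
}

// Constructed sample values: a value that tries to inject a second header,
// and a name that contains a line break.
$line = build_cookie_header('key', "abc;def\r\nX-Injected: 1", 0, '/webmail/');
echo $line, "\n";
var_dump(build_cookie_header("bad\r\nname", 'x'));

// In a page, a non-false result would be sent with: header($line, false);
```
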
The SquirrelMail IMAP and SMTP libraries were updated to allow use of the
STARTTLS extension. The code is experimental and requires PHP 5.1.0 or newer
with stream_socket_enable_crypto() function support.

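Added example, not the SquirrelMail library code: a STARTTLS upgrade of an
open IMAP connection with stream_socket_enable_crypto() that fails closed when
the server refuses the command or the handshake does not complete.
imap_starttls(), the tags and the host name imap.example.org are hypothetical.

```php
<?php
// Added example; imap_starttls() is a hypothetical helper, not SquirrelMail code.

/**
 * Upgrade an already-open plain-text IMAP stream to TLS with STARTTLS.
 * Returns true only if the server accepted the command and the TLS
 * handshake completed; otherwise the caller must not send credentials.
 */
function imap_starttls($stream, $tag = 'A001')
{
    if (!function_exists('stream_socket_enable_crypto')) {
        return false;                   // no STARTTLS support in this PHP build
    }
    fwrite($stream, $tag . " STARTTLS\r\n");
    // Skip untagged ("* ...") lines until the tagged completion response.
    do {
        $line = fgets($stream, 4096);
        if ($line === false) {
            return false;               // connection dropped
        }
    } while (strpos($line, $tag . ' ') !== 0);

    if (stripos($line, $tag . ' OK') !== 0) {
        return false;                   // NO or BAD: server refused STARTTLS
    }
    // Ask for certificate verification before the handshake.
    stream_context_set_option($stream, 'ssl', 'verify_peer', true);
    // Returns true on success, false on failure, 0 if more data is needed.
    $ok = stream_socket_enable_crypto($stream, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
    return $ok === true;
}

// Usage with a placeholder host name (imap.example.org is constructed).
$stream = @stream_socket_client('tcp://imap.example.org:143', $errno, $errstr, 10);
if ($stream) {
    fgets($stream, 4096);               // server greeting
    if (imap_starttls($stream)) {
        // Capabilities advertised before TLS are untrusted; request them again.
        fwrite($stream, "A002 CAPABILITY\r\n");
    } else {
        fclose($stream);                // fail closed: no fallback to plain text
    }
}
```
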
Updated the wrapping functions in compose.

Added code for advanced searching in messages. It is now possible to switch
between normal search and advanced search.


Security updates
================

This release contains security fixes applied to the development branch after
the 1.5.0 release:
  CVE-2004-0521 - SQL injection vulnerability in address book.
  CVE-2004-1036 - XSS exploit in decodeHeader function.
  CVE-2005-0075 - Potential file inclusion in preference backend selection code.
  CVE-2005-0103 - Possible file/offsite inclusion in src/webmail.php.
  CVE-2005-0104 - Possible XSS issues in src/webmail.php.
  CVE-2005-1769 - Several cross site scripting (XSS) attacks.
  CVE-2005-2095 - Extraction of all POST variables in advanced identity code.
  CVE-2006-0188 - Possible XSS through right_frame parameter in webmail.php.
  CVE-2006-0195 - Possible XSS in MagicHTML, IE only.
  CVE-2006-0377 - IMAP injection in sqimap_mailbox_select mailbox parameter.

If you use SquirrelMail 1.5.0, you should upgrade to 1.5.1 or downgrade to the
latest stable SquirrelMail version.

Plugin updates
==============
Added site configuration options to the filters, fortune, translate, newmail
and bug_report plugins. Improved the newmail and change_password plugins. Fixed
data corruption issues in the calendar plugin.

The SquirrelSpell plugin was updated to use the generic SquirrelMail preference
functions. User preferences and personal dictionaries that were stored in
.words files are moved to .pref files or to another configured user data
storage backend.


Possible issues
===============
The internal SquirrelMail cookie implementation is experimental. If you have
cookie expiration or corruption issues with some browser and can reproduce them
only in version 1.5.1, contact one of the SquirrelMail developers and help them
debug your issue.

SquirrelMail 1.5.1 changed some functions and hooks. The login_form hook
requires a different coding style. The html_top, html_bottom and internal_link
hooks are removed. The src/move_messages.php code moved to the main mailbox
listing script. Some hooks are broken after the implementation of templates in
the mailbox listing pages. The soupNazi() function is replaced with the
checkForJavascript() function. The sqimap_messages_delete,
sqimap_messages_copy, sqimap_messages_flag and sqimap_get_small_header()
functions are obsolete. Some IMAP functions return data in a different format.
If plugins depend on changed or removed functions, they will break in this
SquirrelMail version.

This SquirrelMail version implements code that unregisters globals in PHP
register_globals=on setups. If a plugin loads the main SquirrelMail functions
and depends on PHP register_globals, it will break.

IMAP sorting/threading
By default SquirrelMail makes use of the capabilities provided by the IMAP
server. This means that if the IMAP server supports SORT and THREAD sorting,
SquirrelMail uses it. Some broken IMAP servers advertise the SORT and THREAD
capabilities although they do not support them. For those IMAP servers there is
a config option to disable the use of SORT and THREAD sort.

Backward incompatible changes
=============================
The index order options are modified in version 1.5.1. If older options are
detected, the interface upgrades them to the newer option format and deletes
the old options.

In version 1.5.1, SquirrelSpell user dictionaries are saved with the generic
SquirrelMail data functions. The code should copy the older dictionary if
dictionary version information is not present in the user preferences. Once the
dictionary is copied, <username>.words files are obsolete and no longer updated.

If the same data directory is used with another backwards incompatible version,
the older SquirrelMail version can lose some user preferences or work with
outdated data. We advise using a separate data directory for the 1.5.1 release.
The data directory can be configured by running configure.


Data directory
==============

The data/ directory used to be included in our tarball. Since placing this
directory under a web-accessible directory is not very wise, we've decided not
to pack it anymore; you need to create it yourself. Please choose a safe
location, e.g. somewhere under /var.

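Added example, not part of SquirrelMail or its configure script: a check that
a chosen data directory is outside the web server document root and is not
accessible to other local users. data_dir_problems() and the temporary
directory layout are hypothetical, and POSIX file permissions are assumed.

```php
<?php
// Added example; data_dir_problems() is a hypothetical helper, not SquirrelMail code.

/**
 * Return a list of problems with a data directory location:
 * inside the web server document root, or accessible to "other" users.
 */
function data_dir_problems($data_dir, $doc_root)
{
    $problems = array();
    $data = realpath($data_dir);            // resolves symlinks and ".."
    $root = realpath($doc_root);
    if ($data === false || !is_dir($data)) {
        return array('data directory does not exist');
    }
    // Compare with a trailing separator so /var/www2 is not seen as inside /var/www.
    if ($root !== false) {
        $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        if (strncmp($data . DIRECTORY_SEPARATOR, $prefix, strlen($prefix)) === 0) {
            $problems[] = 'data directory is inside the document root';
        }
    }
    // Preference and dictionary files should not be readable by other local users.
    if ((fileperms($data) & 0007) !== 0) {
        $problems[] = 'data directory is accessible to other users';
    }
    return $problems;
}

// Constructed layout under the system temp directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'sm_example_' . getmypid();
mkdir($base . '/www/data', 0755, true);     // inside the "document root"
mkdir($base . '/var/sm-data', 0700, true);  // outside it, owner only
chmod($base . '/www/data', 0755);           // make the modes independent of umask
chmod($base . '/var/sm-data', 0700);

print_r(data_dir_problems($base . '/www/data', $base . '/www'));
print_r(data_dir_problems($base . '/var/sm-data', $base . '/www'));
```
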

Reporting my favorite SquirrelMail bug
======================================

We constantly aim to make SquirrelMail even better. So we need you to submit
any bug you come across! Also, please mention that the bug is in this 1.5.1
release, and list your IMAP server and webserver details.

  http://www.squirrelmail.org/bugs

Thanks for your cooperation with this. That helps us to make sure nothing slips
through the cracks. Also, it would help if people would check existing tracker
items for a bug before reporting it again. This would help to eliminate
duplicate reports, and increase the time we can spend CODING by DECREASING the
time we spend sorting through bug reports. And remember, check not only OPEN
bug reports, but also closed ones as a bug that you report MAY have been fixed
in CVS already.

If you want to join us in coding SquirrelMail, or have other things to share
with the developers, join the development mailing list:

  squirrelmail-devel@lists.sourceforge.net


About Our Release Alias
=======================

This release is labeled the "Fire in the Hole" release. "Fire in the hole" is
a phrase used to warn of the detonation of an explosive device. The phrase may
have originated with miners, who made extensive use of explosives while
working underground.

This release was created in order to get a fixed package after two years of
development in the HEAD branch. The package contains many experimental changes.
These changes add new features that can be unstable and cause an inconsistent
UI. If you want to use stable code, you should stick to the SquirrelMail 1.4.x
series. If you find issues in this package, make sure that they are still
present in the latest development code snapshots.

Happy SquirrelMailing!
- The SquirrelMail Project Team