/*****************************************************************
 * Release Notes: SquirrelMail 1.5.1                             *
 * The "Fire in the Hole" Release                                *
 * 2006-02-19                                                    *
 ****************************************************************/

WARNING. If you can read this, then you are reading a file from 1.5.1cvs
and not the final release notes.

In this edition of SquirrelMail Release Notes:
   * All about this Release!
   * Major updates
   * Security updates
   * Plugin updates
   * Possible issues
   * Backwards incompatible changes
   * Data directory changes
   * Reporting my favorite SquirrelMail bug

All about this Release!
=======================

This is the second release of our new 1.5.x-series, which is a
DEVELOPMENT release.

See the Major Updates section of this file for more.

Major updates
==============

Rewritten IMAP functions and added extra data caching code. Internal
sorting functions should be faster than the code used in SquirrelMail
1.5.0 and older versions. Data caching should reduce the number of IMAP
calls in folder management and mailbox status functions.

Own gettext implementation replaced with PHP Gettext classes. The update
adds ngettext and dgettext support.

Templates, css and error handler.

SquirrelMail started using internal cookie functions in order to have
more control over the cookie format. Cookies set with the sqsetcookie()
function use an extra parameter that secures cookie information in
browsers that follow MSDN cookie specifications.

SquirrelMail IMAP and SMTP libraries updated to allow use of the STARTTLS
extension. The code is experimental and requires PHP 5.1.0 or newer with
stream_socket_enable_crypto() function support.

Updated wrapping functions in compose.

Security updates
================

This release contains security fixes applied to the development branch
after the 1.5.0 release:

 CVE-2004-0521 - SQL injection vulnerability in address book.
 CVE-2004-1036 - XSS exploit in decodeHeader function.
 CVE-2005-0075 - Potential file inclusion in preference backend
                 selection code.
 CVE-2005-0103 - Possible file/offsite inclusion in src/webmail.php.
 CVE-2005-0104 - Possible XSS issues in src/webmail.php.
 CVE-2005-1769 - Several cross site scripting (XSS) attacks.
 CVE-2005-2095 - Extraction of all POST variables in advanced identity
                 code.

If you use SquirrelMail 1.5.0, you should upgrade to 1.5.1 or downgrade
to the latest stable SquirrelMail version.

Plugin updates
==============

Added site configuration options to the filters, fortune, translate,
newmail and bug_report plugins. Improved the newmail and change_password
plugins. Fixed data corruption issues in the calendar plugin.

The SquirrelSpell plugin was updated to use generic SquirrelMail
preference functions. User preferences and personal dictionaries that
were stored in .words files are moved to .pref files or another
configured user data storage backend.

Possible issues
===============

The internal SquirrelMail cookie implementation is experimental. If you
have cookie expiration or corruption issues with some browser and can
reproduce them only in the 1.5.1 version, contact the SquirrelMail
developers and help them to debug your issue.

Plugins (changes in hooks and IMAP API)

IMAP sorting/threading

Backward incompatible changes
=============================

Index order options are modified in the 1.5.1 version. If older options
are detected, the interface upgrades to the newer option format and
deletes the old options.

In the 1.5.1 version SquirrelSpell user dictionaries are saved with
generic SquirrelMail data functions. The code should copy the older
dictionary if dictionary version information is not present in the user
preferences. Once the dictionary is copied, .words files are obsolete and
no longer updated.

If the same data directory is used with another backwards incompatible
version, the older SquirrelMail version can lose some user preferences or
work with outdated data.

Data directory
==============

The directory data/ used to be included in our tarball.
Since placing this dir under a web accessible directory is not very wise,
we've decided to not pack it anymore; you need to create it yourself.
Please choose a location that's safe, e.g. somewhere under /var.

Reporting my favorite SquirrelMail bug
======================================

We constantly aim to make SquirrelMail even better. So we need you to
submit any bug you come across! Also, please mention that the bug is in
this 1.5.1 release, and list your IMAP server and webserver details.

   http://www.squirrelmail.org/bugs

Thanks for your cooperation with this. That helps us to make sure nothing
slips through the cracks. Also, it would help if people would check
existing tracker items for a bug before reporting it again. This would
help to eliminate duplicate reports, and increase the time we can spend
CODING by DECREASING the time we spend sorting through bug reports. And
remember, check not only OPEN bug reports, but also closed ones as a bug
that you report MAY have been fixed in CVS already.

If you want to join us in coding SquirrelMail, or have other things to
share with the developers, join the development mailing list:

   squirrelmail-devel@lists.sourceforge.net

About Our Release Alias
=======================

This release is labeled the "Fire in the Hole" release. "Fire in the
hole" is a phrase used to warn of the detonation of an explosive device.
The phrase may have been originated by miners, who made extensive use of
explosives while working underground.

The release is created in order to get a fixed package after two years of
development in the HEAD branch. The package contains many experimental
changes. The changes add new features that can be unstable and cause an
inconsistent UI. If you want to use stable code, you should stick to the
SquirrelMail 1.4.x series.

If you find issues in this package, make sure that they are still present
in the latest development code snapshots.

                  Happy SquirrelMailing!
                    - The SquirrelMail Project Team
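
Added example, not part of the SquirrelMail release notes or code: a shell
check for the "Data directory" advice above, confirming that a chosen data
directory resolves outside the web root and is closed to other users. The
function name check_data_dir and both path arguments are assumptions; pass
your own web root and data directory.

```shell
#!/bin/sh
# check_data_dir DOCROOT DATADIR   (hypothetical helper, added example)
# Returns 0 when DATADIR is outside DOCROOT and has no "other" permissions,
# 1 when it is unsafe, 2 when a path does not exist or cannot be entered.

check_data_dir() {
    # Resolve both paths physically, so a data directory path that is really
    # a symlink into the web root is compared by its true location.
    docroot=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "ERROR: web root not found: $1"; return 2; }
    datadir=$(cd "$2" 2>/dev/null && pwd -P) || {
        echo "ERROR: data directory not found: $2"; return 2; }

    # Trailing slashes stop /var/www-data from matching /var/www.
    case "$datadir/" in
        "$docroot/"*)
            echo "UNSAFE: $datadir is inside web root $docroot"
            return 1 ;;
    esac

    # Characters 8-10 of the ls mode string are the "other" permission bits.
    other=$(ls -ld "$datadir" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "UNSAFE: $datadir is accessible to other users ($other)"
        return 1
    fi

    echo "OK: $datadir"
    return 0
}

# Stand-alone use: sh check_data_dir.sh <web root> <data directory>
if [ "$#" -eq 2 ]; then
    check_data_dir "$1" "$2"
fi
```

The data directory still has to be writable by the account the web server
runs as; the check only covers location and the "other" permission bits.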