/*****************************************************************
- * Release Notes: SquirrelMail 1.2.6 *
- * The "Two Journeys" Release *
- * 29 April 2002 *
- *****************************************************************/
+ * Release Notes: SquirrelMail 1.5.2 *
+ * The "" Release *
+ * 2006-xx-xx *
+*****************************************************************/
+
+WARNING. If you can read this, then you are reading file from cvs and not
+final release notes.
-In this edition of SquirrelMail Release Notes:
- * All about this Release!!!
- * Reporting my favorite SquirrelMail 1.2 bug
- * Important Note about PHP 4.2.0
- * About our Release Aliases
-
-All about this Release!!!
-=========================
-
-Squirrelmail.
-It's feature set is that of a desktop client.
-It's ease of use is unheard of.
-It's ..ehem.. bug free.
-There is nowhere else to go...
-Except to the 1.2.6 stable version of Squirrelmail!!
-
- We are excited to bring you the latest and greatest Squirrelmail release
-to date. More features you say? You got it. Better performance is what
-you need? Expect it. Looking for a Sqirrelmail with less bugs? It is here.
-Here are some highlights:
-
- * Greatly improved Cross Site Scripting Protection with a new custom
- html filter.
- * Improved search and filter functions, allowing for non-ascii search
- and filter criteria.
- * Server side sorting capability to improve performance with large
- mailboxes.
- * Most importantly, Many, many bugfixes. And more bugfixes. did I mention
- bugfixes?
-
-See the Changelog file for details.
-
- Being one of the most popular webmail clients, the developers of
-SquirrelMail feel a huge desire and responsibility to continue push
-the envelope and make SquirrelMail the best it can possibly be. You
-will not be disappointed with this release, as it is by far the most
-feature rich, and yet it is still the same sleek and unbloated and
-cuddly webmail application that we have all grown to love. Here is
-an incomplete list of some of the great features that Squirrelmail
-has to offer:
-
- * Collapsible Folders - The folder list can be collapsed at any
- parent folder. This makes folder lists with large
- hierarchical structures much easier to manage and navigate.
- * Fix for the "theme passed as cookie" exploit posted to the bug-
- traq mailing list.
- * The Paginator! - This enables quick access to any page in the
- message list by simply choosing the page number to view
- rather than tediously clicking "next" 50 times.
- * Hundreds of UI tweaks - The user interface has been given a
- face-lift. The HTML has been largely overhauled, and while
- it still has the same general feel, it has been made more
- intuitive.
- * Drafts - It is now possible to compose a message and save it to
- be sent at a later date with the drafts option.
- * Ability to mark messages as read and unread from the message listing.
- * New Options Page - The options page has been completely
- rewritten for several reasons, the main of which was to
- allow seamless integration of plugin options and to
- provide uniformity throughout the entire section.
- * Multiple Identities - It is now possible to create different
- identities (home, work, school) that can be chosen upon
- sending. Each identity can have its own email address,
- full name, and signature.
- * Ability to forward messages as attachments from the message listing.
- * Reply Citations - Different types of citations are now possible
- when replying to messages.
- * Better Attachment Handling - The plugin, attachment_common, has
- been fully integrated into the core of SquirrelMail. This
- allows inline viewing of several different types of
- attachments.
- * Integration of Several Plugins - The following plugins have been
- put directly into the core. As a result, be sure not to
- install these as plugins, as the result may be (at best)
- unpredictable: attachment_common, paginator, priority,
- printer_friendly, sqclock, xmailer.
- * Improved support for newer versions of PHP. Recommended versions
- are 4.0.3 -> 4.1.2.
- * Server-side sorting support adds speed to the mailbox display, even
- with large mailboxes. Server-sid thread sorting support allows
- users to display mailboxes in thread-sort order.
-
-
-I am sure there are plenty more features I have missed. You just have
-to try it for yourself!
-
-Having been involved with Squirrelmail for a while I can safely say
-that this stable release has the most bugfixes to date. The invaluable
-contributions of the Squirrelmail community, from developers and users
-alike have helped to make this release of Squirrelmail the best yet.
-
- Home Page: http://www.squirrelmail.org/
- Download: http://www.squirrelmail.org/download.php
- ScreenShots: http://www.squirrelmail.org/screenshots.php
-
-
-Reporting my favorite SquirrelMail 1.2 bug
-==========================================
-
-Of course, in the words of Linus Torvalds, this release is officially
-certified to be Bug-Free (tm).
-
-However, if for some reason some bugs manage to find their way to the
-surface, please report them at once (after all, they ARE uncertified
-bugs!!!) The PROPER place to report these bugs is the SquirrelMail Bug
-Tracker.
-
- http://www.squirrelmail.org/bugs
-
-Thank you for your cooperation in that issue. That helps us to make
-sure that nothing slips through the cracks. Also, it would help if
-people would check existing tracker items for a bug before reporting
-it again. This would help to eliminate duplicate reports, and
-increase the time we can spend CODING by DECREASING the time we
-spend sorting through bug reports. And remember, check not only OPEN
-bug reports, but also closed ones as a bug that you report MAY have
-been fixed in CVS already.
-
-
-Important Note about PHP 4.2.0
-==============================
-
- A few days before this release, PHP 4.2.0 hit the net. The Squirrelmail
-team has not had a chance to test this new version of PHP with the 1.2.6
-release. The recommended versions of PHP for Squirrelmail 1.2.6 is 4.0.3
-through 4.1.2.
-
-
-About our Release Aliases - By Jason Munro
-=========================
-
-Squirrelmail has started on a new journey.
-Two journeys really.
-
-In one, our beloved hero delves deep inside its squirrel-self,
-searching for calmness and peace with its surroundings.
-Striving to hone its squirrel-skills against any and all obstacles.
-
-This is the stable path.
-
-In the other, our champion has shed the failures of its past and
-started anew on a wild adventure through uncharted territory. The
-dangers are great, but so are the rewards.
-
-This is the development path.
-
-
- Squirrelmail 1.2.6 is the latest stepping-stone on the stable
-path. It leads to a Squirrelmail of unseen dependablity and
-performance.
- Squirrelmail 2.0 development has begun. This is the first step
-on the journey down the development path. New worlds of possiblity
-are opening up with each step.
-
-Forget what you thought you knew about Squirrelmail,
-and get ready for a whole new nut.
+In this edition of SquirrelMail Release Notes:
+ * All About This Release!
+ * Major Updates
+ * Security Updates
+ * Plugin Updates
+ * Possible Issues
+ * Backwards Incompatible Changes
+ * Data Directory Changes
+ * Reporting Your Favorite SquirrelMail Bug
+
+
+All About This Release!
+=======================
+This is the second release of our new 1.5.x-series, which is a
+DEVELOPMENT release.
+
+See the Major Updates section of this file for more information.
+
+
+Major Updates
+==============
+Rewritten IMAP functions and optimized IMAP data caching code. Internal
+sorting functions should be faster than code used in SquirrelMail <= 1.5.0.
+Together with the optimized caching code, all the logic concerning sorting has
+been rewritten so that Squirrelmail can display more columns with sort support
+in the messages list. I.e. the From and To column in the same view sorted on
+size. Also, the number of IMAP calls is reduced by smarter caching in the IMAP
+mailbox area and by the optimized header and sort cache code. Reducing the
+amount of IMAP calls will lower the load on your IMAP server and increase
+SquirrelMail performance.
+
+In-house gettext implementation replaced with PHP Gettext classes. Update adds
+ngettext and dgettext support.
+
+Begin work on separating the SquirrelMail internal logic from user interface
+related logic. This has resulted in the first (very) rough CSS-based PHP
+templates. In future releases we will finish the mentioned separation and work
+on simpler templates.
+
+Added JavaScript-based message row highlighting code (disabled by default) for
+faster selection of messages in the messages list.
+
+Usage of a centralized error handler. Development will continue in 1.5.2.
+
+SquirrelMail has started using internal cookie functions in order to have more
+control over cookie format. Cookies set with sqsetcookie() function now use an
+extra parameter (HttpOnly) to secure cookie information by making the cookie
+not accessible to scripts (particularly, JavaScript). This feature is only
+supported in browsers that follow the MSDN cookie specifications (see
+http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp).
+Currently this is limited to IE6 >= SP1.
+
+SquirrelMail IMAP and SMTP libraries now support use of STARTTLS extension.
+The code is experimental and requires PHP 5.1.0 or newer with
+stream_socket_enable_crypto() function support enabled.
+
+Updated wrapping functions in compose. New wrapping code improves quoting
+of text chapters. Thanks to Justus Pendleton.
+
+Added code for advanced searching in messages. Now it's possible to switch
+between normal search and advanced search.
+
+Main SquirrelMail code implements view_as_html and folder_settings plugin
+features. These plugins should not be used in SquirrelMail 1.5.1.
+
+
+Security Updates
+================
+This release contains security fixes applied to development branch after 1.5.0
+release:
+ CVE-2004-0521 - SQL injection vulnerability in address book.
+ CVE-2004-1036 - XSS exploit in decodeHeader function.
+ CVE-2005-0075 - Potential file inclusion in preference backend selection code.
+ CVE-2005-0103 - Possible file/offsite inclusion in src/webmail.php.
+ CVE-2005-0104 - Possible XSS issues in src/webmail.php.
+ CVE-2005-1769 - Several cross site scripting (XSS) attacks.
+ CVE-2005-2095 - Extraction of all POST variables in advanced identity code.
+ CVE-2006-0188 - Possible XSS through right_frame parameter in webmail.php.
+ CVE-2006-0195 - Possible XSS in MagicHTML, IE only.
+ CVE-2006-0377 - IMAP injection in sqimap_mailbox_select mailbox parameter.
+
+If you use SquirrelMail 1.5.0, you should upgrade to 1.5.1 or downgrade to latest
+stable SquirrelMail version.
+
+
+Plugin Updates
+==============
+Added site configuration options for filters, fortune, translate, newmail,
+bug_report plugins. Improved newmail and change_password plugins. Fixed data
+corruption issues in calendar plugin.
+
+SquirrelSpell plugin was updated to use generic SquirrelMail preference functions.
+User preferences and personal dictionaries that were stored in .words files are
+moved to .pref files or other configured user data storage backend.
+
+
+Possible Issues
+===============
+Internal SquirrelMail cookie implementation is experimental. If you have cookie
+expiration or corruption issues and can reproduce them only in 1.5.1 version,
+contact one of the SquirrelMail developers and to help them debug the issue.
+
+SquirrelMail 1.5.1 changed some functions and hooks. login_form hook requires
+different coding style. html_top, html_bottom, internal_link hooks have been
+removed. src/move_messages.php code has been moved to the main mailbox listing
+script. Some hooks may be broken after implementation of templates, especially
+in mailbox listing pages. soupNazi() function has been replaced with the
+checkForJavascript() function. sqimap_messages_delete(),
+sqimap_messages_copy(), sqimap_messages_flag() and sqimap_get_small_header()
+functions are now obsolete. Some IMAP functions return data in different
+format. If plugins depend on changed or removed functions, they will break in
+this version of SquirrelMail.
+
+This SquirrelMail version added http headers that prevent caching of pages by
+proxies. Headers are added in SquirrelMail displayHtmlHeader() function. Changes
+require that html output is not started before displayHtmlHeader() is called. If
+some code starts output, PHP errors will be displayed. If plugins display
+notices in options_save hook and don't stop script execution on error, page
+display will be broken.
+
+SquirrelMail 1.5.1 implemented code that unregisters globals in PHP
+register_globals=on setups. Plugins that load main SquirrelMail functions and
+depend on PHP register_globals=on will be broken.
+
+IMAP sorting/threading
+By default, SquirrelMail will make use of the capabilities provided by the IMAP
+server. This means that if the IMAP server supports SORT and THREAD sorting then
+SquirrelMail makes use of it. Some broken IMAP servers advertise the SORT and
+THREAD capabilities although they do not support it. For those IMAP servers
+there is a config option to disable the use of SORT and THREAD sort.
+
+Backward Incompatible Changes
+=============================
+Index order options are modified in 1.5.1 version. If older options are
+detected, interface upgrades to newer option format and deletes old options.
+
+In version 1.5.1, SquirrelSpell user dictionaries are saved with generic
+SquirrelMail data functions. SquirrelSpell should copy older dictionaries
+if dictionary version information is not present in user preferences. Once
+the dictionary is copied, <username>.words files are obsolete and no longer
+updated.
+
+If the same data directory is used with other backwards incompatible versions,
+the older SquirrelMail version may lose some user preferences or work with
+outdated data. Admins are advised to use a separate data directory for the
+1.5.1 release. The data directory can be configured by running configure.
+
+Data Directory
+==============
+The directory data/ is no longer included in our tarball. Since placing this
+directory under a web-accessible directory is not very wise, we've decided to
+not pack it anymore. Admins will need to create it. Please choose a location
+that's safe (not web accessible), e.g. /var/squirrelmail/data.
+
+Reporting Your Favorite SquirrelMail Bug
+========================================
+We constantly aim to make SquirrelMail even better, so we need you to submit
+any bugs you come across! Also, please mention that the bug is in this release
+(version 1.5.1), and list your IMAP server and web server details. Bugs can be
+submitted at:
+
+ http://squirrelmail.org/bugs
+
+Thanks for your cooperation with this. This helps ensure that nothing slips
+through the cracks. Also, please search the bug database for existing items
+before submitting a new bug. This will help to eliminate duplicate reports and
+increase the time we can spend FIXING existing bugs by DECREASING the time we
+spend sorting through bug reports. Remember to check for CLOSED bug reports
+also, not just OPEN bug reports, in case a bug you want to report may have been
+recently fixed in our source code repository.
+
+If you want to join us in coding SquirrelMail, or have other things to share
+with the developers, join the development mailing list:
+
+ squirrelmail-devel@lists.sourceforge.net
+
+
+About Our Release Alias
+=======================
+This release is labeled the "Fire in the Hole" release. "Fire in the Hole" is
+a phrase used to warn of the detonation of an explosive device. The phrase may
+have been originated by miners, who made extensive use of explosives while
+working underground.
+
+This release has been created to get a fixed package after more than two years
+of development in the CVS HEAD branch. This package contains many experimental
+changes. These changes add new features that can/will be unstable and/or
+create an inconsistent UI. If you want to use stable code, you should stick to
+the 1.4.x series of SquirrelMail. If you find issues in this package, make
+sure that they are still present in the latest development code snapshots. To
+obtain thelatest development snapshot, see
+
+ http://squirrelmail.org/download.php#snapshot
Happy SquirrelMailing!
- The SquirrelMail Project Team
projects / squirrelmail.git / blobdiff