/*****************************************************************
- * Release Notes: SquirrelMail 1.2.3 *
- * The "One-Eyed Programmer" Release *
- * 21 January 2002 *
- *****************************************************************/
+ * Release Notes: SquirrelMail 1.5.1 *
+ * The "Fire in the Hole" Release *
+ * 2006-02-19 *
+*****************************************************************/
+
+WARNING. If you can read this, then you are reading file from 1.5.1cvs and not
+final release notes.
- Note: Please see the ChangeLog for 1.2.0, 1.2.1 and 1.2.2 bugs
- that have been fixed in this 1.2.2 release.
-After a long wait, SquirrelMail is finally making a new major stable
-series release. The past year has been ANYTHING but uneventful for
-the SquirrelMail Project. This year has seen two leadership changes,
-the release of the 1.0 series, the 1.1 development series, and now
-finally the much awaited 1.2 release.
In this edition of SquirrelMail Release Notes:
- * All about this Release!!!
- * Reporting my favorite SquirrelMail 1.2 bug
- * Important Note about PHP 4.1.0
- * Where are we going from here?
- * About our Release Aliases
-
-All about this Release!!!
-=========================
-
-Being one of the most popular webmail clients, the developers of
-SquirrelMail feel a huge desire and responsibility to continue push
-the envelope and make SquirrelMail the best it can possibly be. You
-will not be disappointed with this release, as it is by far the most
-feature rich, and yet it is still the same sleek and unbloated and
-cuddly webmail application that we have all grown to love. Here is
-an incomplete list of new features and enhancements since the last
-stable release.
-
- * Collapsible Folders - The folder list can be collapsed at any
- parent folder. This makes folder lists with large
- hierarchical structures much easier to manage and navigate.
- * The Paginator! - This enables quick access to any page in the
- message list by simply choosing the page number to view
- rather than tediously clicking "next" 50 times.
- * Hundreds of UI tweaks - The user interface has been given a
- face-lift. The HTML has been largely overhauled, and while
- it still has the same general feel, it has been made more
- intuitive.
- * Drafts - It is now possible to compose a message and save it to
- be sent at a later date with the drafts option.
- * New Options Page - The options page has been completely
- rewritten for several reasons, the main of which was to
- allow seamless integration of plugin options and to
- provide uniformity throughout the entire section.
- * Multiple Identities - It is now possible to create different
- identities (home, work, school) that can be chosen upon
- sending. Each identity can have its own email address,
- full name, and signature.
- * Reply Citations - Different types of citations are now possible
- when replying to messages.
- * Better Attachment Handling - The plugin, attachment_common, has
- been fully integrated into the core of SquirrelMail. This
- allows inline viewing of several different types of
- attachments.
- * Integration of Several Plugins - The following plugins have been
- put directly into the core. As a result, be sure not to
- install these as plugins, as the result may be (at best)
- unpredictable: attachment_common, paginator, priority,
- printer_friendly, sqclock, xmailer.
- * Improved support for newer versions of PHP. Note that you may
- have trouble if you are running PHP version 4.0.100
- (commonly distributed with Debian 3.0).
- * Ability to mark messages as read and unread from the message listing.
- * Alternating Colors - The message list now alternates row colors
- by default. This presents a much cleaner and easier to
- read interface to the user.
-
-Aside from these obvious front end features, there are hundreds of
-bugs that have been fixed, and much of the code has been optimized
-and/or rewritten. This stable release is far superior in all
-aspects to all previous versions of SquirrelMail.
-
- Home Page: http://www.squirrelmail.org/
- Download: http://www.squirrelmail.org/download.php
- ScreenShots: http://www.squirrelmail.org/screenshots.php
-
-
-Reporting my favorite SquirrelMail 1.2 bug
-==========================================
-
-Of course, in the words of Linus Torvalds, this release is officially
-certified to be Bug-Free (tm).
-
-However, if for some reason some bugs manage to find their way to the
-surface, please report them at once (after all, they ARE uncertified
-bugs!!!) The PROPER place to report these bugs is the SquirrelMail Bug
-Tracker.
+ * All about this Release!
+ * Major updates
+ * Security updates
+ * Plugin updates
+ * Possible issues
+ * Backwards incompatible changes
+ * Data directory changes
+ * Reporting my favorite SquirrelMail bug
+
+All about this Release!
+=======================
+
+This is the second release of our new 1.5.x-series, which is a
+DEVELOPMENT release.
+
+See the Major Updates section of this file for more.
+
+
+Major updates
+==============
+Rewritten IMAP functions and added extra data caching code. Internal sorting
+functions should be faster than code used in SquirrelMail 1.5.0 and older
+versions. Data caching should reduce number of IMAP calls in folder management
+and mailbox status functions.
+
+Own gettext implementation replaced with PHP Gettext classes. Update adds
+ngettext and dgettext support.
+
+Templates, css and error handler.
+
+SquirrelMail started using internal cookie functions in order to have more
+controls over cookie format. Cookies set with sqsetcookie() function use
+extra parameter that secures cookie information in browsers that follow
+MSDN cookie specifications.
+
+SquirrelMail IMAP and SMTP libraries updated to allow use of STARTTLS extension.
+Code is experimental and requires PHP 5.1.0 or newer with
+stream_socket_enable_crypto() function support.
+
+Updated wrapping functions in compose.
+
+
+Security updates
+================
+
+This release contains security fixes applied to development branch after 1.5.0
+release:
+ CVE-2004-0521 - SQL injection vulnerability in address book.
+ CVE-2004-1036 - XSS exploit in decodeHeader function.
+ CVE-2005-0075 - Potential file inclusion in preference backend selection code.
+ CVE-2005-0103 - Possible file/offsite inclusion in src/webmail.php.
+ CVE-2005-0104 - Possible XSS issues in src/webmail.php.
+ CVE-2005-1769 - Several cross site scripting (XSS) attacks.
+ CVE-2005-2095 - Extraction of all POST variables in advanced identity code.
+ CVE-2006-0188 - Possible XSS through right_frame parameter in webmail.php.
+ CVE-2006-0195 - Possible XSS in MagicHTML, IE only.
+ CVE-2006-0377 - IMAP injection in sqimap_mailbox_select mailbox parameter.
+
+If you use SquirrelMail 1.5.0, you should upgrade to 1.5.1 or downgrade to latest
+stable SquirrelMail version.
+
+Plugin updates
+==============
+Added site configuration options to filters, fortune, translate, newmail,
+bug_report plugins. Improved newmail and change_password plugins. Fixed data
+corruption issues in calendar plugin.
+
+SquirrelSpell plugin was updated to use generic SquirrelMail preference functions.
+User preferences and personal dictionaries that were stored in .words files are
+moved to .pref files or other configured user data storage backend.
+
+
+Possible issues
+===============
+Internal SquirrelMail cookie implementation is experimental. If you have cookie
+expiration or corruption issues with some browser and can reproduce them only in
+1.5.1 version, contact SquirrelMail developers and help them to debug your issue.
+
+SquirrelMail 1.5.1 changed some functions and hooks. login_form hook requires
+different coding style. html_top, html_bottom, internal_link hooks are removed.
+src/move_messages.php code moved to main mailbox listing script. Some hooks are
+broken after implementation of templates in mailbox listing pages. soupNazi()
+function is replaced with checkForJavascript() function. sqimap_messages_delete,
+sqimap_messages_copy, sqimap_messages_flag and sqimap_get_small_header()
+functions are obsoleted. Some IMAP functions return data in different format.
+If plugins depend on changed or removed functions, they will break in this
+SquirrelMail version.
+
+This SquirrelMail version implemented code that unregisters globals in PHP
+register_globals=on setups. If some plugin loads main SquirrelMail functions
+and depends on PHP register_globals, it will be broken.
+
+IMAP sorting/threading
+
+Backward incompatible changes
+=============================
+Index order options are modified in 1.5.1 version. If older options are
+detected, interface upgrades to newer option format and deletes old options.
- http://www.squirrelmail.org/bugs
+In 1.5.1 version SquirrelSpell user dictionaries are saved with generic
+SquirrelMail data functions. Code should copy older dictionary, if dictionary
+version information is not present in user preferences. Once dictionary is
+copied, <username>.words files are obsolete and no longer updated.
-Thank you for your cooperation in that issue. That helps us to make
-sure that nothing slips through the cracks. Also, it would help if
-people would check existing tracker items for a bug before reporting
-it again. This would help to eliminate duplicate reports, and
-increase the time we can spend CODING by DECREASING the time we
-spend sorting through bug reports. And remember, check not only OPEN
-bug reports, but also closed ones as a bug that you report MAY have
-been fixed in CVS already.
+If same data directory is used with other backwards incompatible version, older
+SquirrelMail version can lose some user preferences or work with outdated data.
+Data directory
+==============
-Important Note about PHP 4.1.0
-==============================
+The directory data/ used to be included in our tarball. Since placing this dir
+under a web accessible directory is not very wise, we've decided to not pack it
+anymore; you need to create it yourself. Please choose a location that's safe,
+e.g. somewhere under /var.
-First of all, let me say that you all HAVE been warned: the
-SquirrelMail Project Team is not supporting PHP 4.1.0 for the 1.2.0
-release. Basically, SquirrelMail was in the final death throws of
-this development series when the witty PHP folks decided to make the
-release of 4.1.0. Of course, we greatly appreciate their hard work! :)
-However, we were too close to the end of this whole thing to be able
-to spend the week or two EXTRA that it will take to get SquirrelMail
-1.2 PHP 4.1.0 ready. This will, on the bright side, be a major
-priority amongst the team in the immediate future. At first look, it
-seems that 4.1.0 support should just require a collection of
-relatively minor tweaks. You can expect 4.1.0 support within 2-3
-weeks, as a part of a later 1.2.X release.
+Reporting my favorite SquirrelMail bug
+======================================
+We constantly aim to make SquirrelMail even better. So we need you to submit
+any bug you come across! Also, please mention that the bug is in this 1.5.1
+release, and list your IMAP server and webserver details.
-Where are we going from here?
-=============================
+ http://www.squirrelmail.org/bugs
+
+Thanks for your cooperation with this. That helps us to make sure nothing slips
+through the cracks. Also, it would help if people would check existing tracker
+items for a bug before reporting it again. This would help to eliminate
+duplicate reports, and increase the time we can spend CODING by DECREASING the
+time we spend sorting through bug reports. And remember, check not only OPEN
+bug reports, but also closed ones as a bug that you report MAY have been fixed
+in CVS already.
+
+If you want to join us in coding SquirrelMail, or have other things to share
+with the developers, join the development mailing list:
+
+ squirrelmail-devel@lists.sourceforge.net
+
+
+About Our Release Alias
+=======================
+
+This release is labeled the "Fire in the Hole" release. "Fire in the hole" is
+a phrase used to warn of the detonation of an explosive device. The phrase may
+have been originated by miners, who made extensive use of explosives while
+working underground.
-After things cool down a bit and the smoke clears from 1.2,
-progress will begin on the Great SquirrelMail Rewrite, also known as
-the 1.3 development branch. This branch will eventually become the
-long talked about SquirrelMail 2.0. The major developmental emphasis
-for SquirrelMail 2.0 will be in making SquirrelMail more flexible
-and modular so that it might do a better job meeting the needs of
-our system administrators and end-users. We are greatly anticipating
-working in this area.
-
-At the same time, we will kick start the SquirrelMail Teams. For
-some time now, we have been planning a reorganization of the project
-into a variety of sub-teams. Each sub-team will focus on a different
-aspect of SquirrelMail Project work. These teams will hopefully help
-keep the SquirrelMail project more on track and to provide some
-semblance of order. This project has grown so large in the past two
-years that an orderly structure is necessary if anything is to get
-done effectively. The teams (as planned) are as follows:
-
- Stable Series Team: Maintains the stable series
- Development Series Team: Works on the development series
- i18n Team: Handles i18n (internationalization) work
- Plugin Team: Manages the mass of plugins
- User Support Team: Helps users with their problems
- Documentation Team: Manages the documentation
- Evangelism Team: Spreads the good news of SquirrelMail
-
-Teams will be led by one or two SquirrelMail team members. And team
-members can participate in as many teams as he or she desires.
-
-For the next few weeks, the developers will be working on bug-fixing
-and making the 1.2 series rock solid. After that, about mid January,
-focus will shift toward getting the teams in gear and starting work
-on the SquirrelMail 1.3 development series.
-
-
-About our Release Aliases - by Wouter Teepe
-=========================
-
-Philippe, one of our main developers has been having quite some trouble
-with the health of his eyes. Though luckily it is not of a permanent
-nature, it is terrible enough. Essentially he had only one eye
-available when he was squashing many of the bugs that are fixed in this
-release.
-
-However, more eyes have been helping in making this release
-possible. I'd also like to specially thank Bron Godwana, who traced a
-bug in the IMAP code - and fixed it.
-
-See http://www.squirrelmail.org/wiki/SquirrelRelease for more details.
+Release is created in order to get fixed package after two years of development
+in HEAD branch. Package contains many experimental changes. Changes add new
+features, that can be unstable and cause inconsistent UI. If you want to use
+stable code, you should stick to SquirrelMail 1.4.x series. If you find issues
+in this package, make sure that they are still present in latest development
+code snapshots.
Happy SquirrelMailing!
- The SquirrelMail Project Team