X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=ChangeLog;h=17705bee0a5b694a23e21d2deab0b14089edb0bb;hp=c303cea1d108e6e7d0a73287ac8c2022c8fabb69;hb=97a4c2ae91f9bccc95c979d8f5b8b4f564557056;hpb=0fa9bde70c488226bcd0e1a37bb199b6b8556e77 diff --git a/ChangeLog b/ChangeLog index c303cea1..17705bee 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,8 +2,20 @@ *** SquirrelMail Devel Series 1.5 *** ************************************* -Version 1.5.2 - CVS +Version 1.5.2 - SVN ------------------- + - Fix broken set_url_var function in functions/html.php (#1729814). + - Fix incorrect detection of auth mechanisms in conf.pl (#1727033). + - The search expression in the LDAP backend of the Addressbook is now + configurable, which can allow the result set to be expanded. + - Preliminary support for NAMESPACE in Squirrelmail IMAP Backend: NAMESPACE + is parsed and stored in session upon login. + - Now uses the $Forwarded IMAP keyword for forwarded messages, when it is + enabled or when arbitrary keywords ("PERMANENT FLAGS \*") are permitted. + RFC 4550, paragraph 2.8. + - Added support for authorization identifier in IMAP backend, for SASL + authentication mechanisms PLAIN and DIGEST-MD5. This can be set upon login + by use of an external plugin. - Fix warning about array required in array_keys for display options when no fontset is defined. - Added "bad plugin" blacklist in configtest.php. 
@@ -134,6 +146,138 @@ Version 1.5.2 - CVS - Provide View Unsafe Images link on viewing a text/html attachment. - Added APOP, TLS and STLS support to mail_fetch plugin (#575299). - Added Courier IMAP OUTBOX check to configtest utility. + - Moved login_form hook to its own table row on login page. + - Added check_plugin_version() function. + - If mailbox name starts with slash or contains ../, error message is + generated. Safety check for insecure default UW IMAP setup (#1557078). + - Ignore message copy errors when messages are deleted. Allows to delete + messages when quota is exceeded. (#614887) (#646386) (#1446026) + - Fixed unintended literal fetching (#1562271). + - Checked if configuration file is readable in configuration utility + (#1568355). + - Added PHP pspell extension support to squirrelspell plugin. + - Add CEST and MEST (non-standard) timezone codes for +0200. + - Add support for SpamAssassin's X-Spam-Status header (#1589520). + - Added plugin on/off switch, which completely disables all plugins + (optionally for one named user, otherwise for all users). + - Security: close cross site scripting vulnerability in draft, compose + and mailto functionality [CVE-2006-6142]. + - Security: work around an issue in Internet Explorer that would guess + the mime type of a file based on contents, not Content-Type header. + - Security: Multiple IE cross site scripting issues related to the + generous parsing of the words 'expression' and 'url' by IE. + - Security: Removing @import when sanitizing html mail. + - Redesigned plugin hook system. do_hook_function() has been removed + and do_hook() now emulates do_hook_function()'s return value and + also has its plugin arguments passed by value, etc. + - Drop obsolete ORDB RBL from filters plugin (#1629398). + - Add warning about magic_quotes_* in configtest. + - Unify accepted versions for imap_server_type and set_defaults (#1629722). + - Improve attachment temp file creation. 
+ - Add ability for listcommands plugin to show post and reply links for + user-configured non-RFC 2369-compliant lists; admin must enable by + configuring plugin. Thanks to Peter Steiner. + - Fixed HttpOnly cookies again. + - Update for switch from CVS to Subversion. + - Default provider URI link fixed (was broken when on plugin options pages, etc) + - Fix URL to send read receipts from read_body (#1637572). + - Add option to ask users for personal information on first login. + - Drop redundant call to session_register, which could trigger a segfault + in PHP 4.4.5 (#1664155). + - If a date-header cannot be parsed, display the unparsed version as a + better-than-nothing alternative. + - Fix Priority and Receipt compose options being reset after return from + HTML addressbook, and allow returning from an empty address book (#1673056). + - Do not special case the 'None' folder. + - Fixes for filters issues (#1634735). + - session_id reporting session id when no active session (#1685031). + - Added sq_change_text_domain() for plugins to use when switching text + domains. If plugins use this function, it fixes #1434043. + - Add dynamic textarea sizing slider control to compose screen (default_advanced + skin) + - Security: fixes for the HTML filter to counter further XSS exploits: + HTML attachments containing 'data:' URLs, Internet Explorer-specifc + charset conversion exploits, and request forgery through included + images. Thanks to Mikhail Markin, Tomas Kuliavas and Michael Jordon + for reporting these issues. [CVE-2007-1262, CVE-2007-2589] + - Fix busy loop and notice when two literals in IMAP fetch (#1739433). + - Resolved issue with compose session not being updated after send/save. + - Added ability to detect HTTP_X_FORWARDED_PROTO in get_location(), + thanks to Daniel Watts. + - Fix test for signout.php in the logged in check in init.php so it + cannot be circumvented by manipulating the URL. 
External plugins might + rely on init.php guaranteeing that the user is logged in. + - Sort readdir() output in conf.pl (#1755886). + - Made the webmail_top hook work again for plugins that want to change + the URI of the "right" frame; plugins have to change the value of the + global variable $right_frame_url + - No longer store all message composition sessions in the PHP session, + since it was not made use of and in rare cases, made sessions too big + - Composition restoration functionality now correctly restores attachments + - Added smtp_auth hook + - Removed "Include CCs when Forwarding Messages", which had no functionality + whatsoever. + - Added "preselected" query argument to mailbox list. + - Make the Message Details plugin actually show the correct entity when + viewing details of attached messages. + - Enabled user selection of address format when adding from address + book during message composition. + - Added a "short_open_tag" configuration test. + - Fixed outgoing messages to allow addresses such as "0@..." or "000@...", + etc. (#1818398). + - PAGE_NAME might not be defined in all plugins, which might cause a + "not defined" error on session timeouts. + - Allow custom session handlers to work correctly (and be defined at the + application level with SquirrelMail). + - Fix off-by-one in bodystructure parsing triggered by servers sending + a body location part (e.g. Sun Java System Messaging Server). Thanks + John Callahan (#1808382). + - Invalid initialization of To: header (#1772893). + - Added SquirrelMail debug mode. + - Handle PHP's insistence on setting the value to 'deleted' for destroyed sessions + (#1829098). + - Some IMAP servers send nil for an empty email body (See RFC2180, + section 4.1.3 on empty strings). + - Let configtest.php use optional PEAR dynamic extension loading, + patch by Walter Huijbers (#1833123). + - Fix for IMAP servers that were having problems saving sent messages + - Added "Secured Configuration" mode. 
+ - Added edit list, checkbox, radio group, multiple-select folder list + and multiple-select string list option widget types. + - Allow database based preferences to read in default settings from the + default_pref file next to hardcoding them into the DB class, thanks + Thierry Godefroy. + - Reimplement printer friendly to make use of CSS. + - Enhanced address book page: added address list pagination, added + 'Compose to' button, put labels around address entries tied to + checkboxes, added hook and template plugin output sections for + plugins that can filter address book listings and modify the abook + navigation bar. Complements RisuMail team (risumail.jp). + - Added submit button type option widget + - Allow address lookup by fields other than nickname/alias + - Implement preference override hooks for database prefs backend that + have long been in the file-based prefs backend + - Removed the Address Take (abook_take) plugin; please see the Add Address + (third party) plugin. + - Allow a different server address for the POP server to be configured when + using POP before SMTP. + - Seed random number generator in one place during script init. + - Add native output buffering. + - Allow control over white space wrapping of auto-generated SquirrelMail + option widgets. + - Add informational type option widget + - Add password type option widget + - Make all submit button names unique on compose screen + - Make address book file permissions 0600 - same as preference files + - Added compatibility with Dovecot's bigint UIDs + - Ensure that hash directory computation is the same on both 32 and + 64 bit architectures (#2596879). + - Allow multiple addresses in one abook entry (separate with commas), + although we HIGHLY DISCOURAGE grouping in this manner - note amongst + other issues that can come up, sizing for large groups will be a + problem (#2611967) + - Added Tamil translation (Thanks to Kengatharaiyer Sarveswaran). 
+ - Added Bengali (Bangladesh) translation (Thanks to Jamil Ahmed). Version 1.5.1 (branched on 2006-02-12) --------------------------------------
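Review bot: In the first hunk (@@ -2,8 +2,20 @@), the entry "Added support for authorization identifier in IMAP backend, for SASL authentication mechanisms PLAIN and DIGEST-MD5" says only that the value "can be set upon login by use of an external plugin". It does not name the hook or variable a plugin uses, and it does not say whether any authorization identifier is sent when no plugin sets one. An authorization identity lets a login act as a different IMAP identity than the one that authenticated, so the entry should state both. Two smaller points in the same hunk: "Squirrelmail IMAP Backend" in the NAMESPACE entry is spelled "SquirrelMail" everywhere else in this file, and the IMAP response code quoted as "PERMANENT FLAGS \*" is written as one word, PERMANENTFLAGS.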
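Review bot: In the second hunk (@@ -134,6 +146,138 @@), the entry "Fix test for signout.php in the logged in check in init.php so it cannot be circumvented by manipulating the URL" describes a bypass of the login check but lacks the "Security:" prefix that the XSS entries in the same hunk carry. Please add the prefix so administrators scanning the ChangeLog for security fixes see it, and consider the same for "Make address book file permissions 0600". The three "Security:" entries about Internet Explorer MIME guessing, the 'expression'/'url' parsing and the @import removal carry no CVE or tracker number, unlike the entries citing CVE-2006-6142 and CVE-2007-1262, CVE-2007-2589; add a reference where one exists. "Fixed HttpOnly cookies again." does not say what was broken. Typos: "specifc" should be "specific", and "Complements RisuMail team" should read "Compliments".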