X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=ChangeLog;h=927054ec110d3e38ea71c929c21f9ff28b5e611d;hp=5415711d6f84ac1bd8604f3d4c4542ee4f1fba21;hb=4f21ba00a032d9ab17337ab91aa7426480986bd9;hpb=d7dd040a74eb0241a90f97cf1471482f05145956 diff --git a/ChangeLog b/ChangeLog index 5415711d..927054ec 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,7 +5,7 @@ Version 1.5.1 -- CVS -------------------- - New reply citation to include date and author. - - Fix some possible XSS bugs. + - Security: Fix some possible XSS bugs. - Norwegian Bokmal translation uses nb_NO. - Integrated Msg_Flags plugin - turn on/off icons using configuration tool, menu number 11 (Tweaks), option number 3, after which users must select an icon @@ -59,14 +59,14 @@ Version 1.5.1 -- CVS - Make used of cached ordered uid list in case of server_side_sorting. - Rewrite of internal mailbox sorting routines. - Added sort by message size. - - Fixed XSS vulnerability in content-type display in the attachment area - of read_body.php discovered by Roman Medina. + - Security: Fixed XSS vulnerability in content-type display in the attachment + area of read_body.php discovered by Roman Medina. - Get alternating row colors of addressbook in sync with mailbox list. - Give proper error when PEAR DB not found. - Remove inappropriate strip_tags() from add-to-addressbook (#968475). - Prefs caching didn't work properly with register_globals off (#995102). - Security: fix SQL injection vulnerability in addressbook - (CVE ID: CAN-2004-0521). + [CAN-2004-0521]. - Removed html_top and html_bottom hooks. No longer used/needed. - Added "trailing text" for options built by SquirrelMail (text placed after text and select list inputs on options pages) @@ -76,7 +76,7 @@ Version 1.5.1 -- CVS - Current hook name is now globally available when running a hook ($currentHookName) - Fix bug when Saving to Draft folder that contains special characters. - Added size limit to signatures saved in file backend. Created error_option_save - function, that allows sending error message to options page. Thanks to Martynas + function, that allows sending error message to options page. Thanks to Martynas Bieliauskas for spotting big signature "option". - Make SquirrelSpell work with safe_mode enabled, if using PHP >=4.3.0. Patch by Ray Ferguson. @@ -93,13 +93,13 @@ Version 1.5.1 -- CVS - $agresive_decoding configuration option changed to $aggressive_decoding. Fixed spelling. - Added $lossy_encoding option (provides fix for #806698) - - Reenabled use of $default_charset option. Option works only with en_US + - Reenabled use of $default_charset option. Option works only with en_US translation in order to prevent language/charset misconfiguration. - Fixes for nonpopulation of folder lists and errors when emptying the trash (provides fixes for #1019185 and #1017941) - Fixed $custom_css loading in squirrelspell plugin. - - Turkish translation uses C character case conversion rules. Fixes php and - squirrelmail functions are assume English conversion rules. + - Turkish translation uses C character case conversion rules. Fixes PHP and + SquirrelMail functions are assume English conversion rules. - Fixed problem that caused an error when deleting all messages on the last page of a paginated view (provides fix for #1014612) - Added MySQL password/UNIX crypt support to mysql backend in the @@ -121,19 +121,19 @@ Version 1.5.1 -- CVS - Removed japanese_xtra function used by older XTRA_CODE calls. Plugins should use separate xtra_code functions. Older function does not provide information about supported options. - - Added php-gettext classes (see class/l10n/*.php) and ngettext support + - Added php-gettext classes (see class/l10n/*.php) and ngettext support functions (provides fix for #1019007). - LC_NUMERIC locale is set to C. (workaround for #1027130). Some plugins might use decimal delimiters incorrectly. - Added sq_is8bit function that can be used to detect 8bit strings. - Added sq_mb_list_encodings function that provides list of encodings supported - by php mbstring module. + by PHP mbstring module. - Added Content-Transfer-Encoding: 8bit header for read receipts that contain 8bit symbols. (provides fix for #934033). - Fixed decoding function problems when mbstring.func_override has MB_OVERLOAD_REGEX enabled. - - Fixed XSS exploit in decodeHeader function. - - Added site configuration and custom translation engine support to translate + - Security: Fixed XSS exploit in decodeHeader function. [CAN-2004-1036] + - Added site configuration and custom translation engine support to translate plugin. - Fixed SquirrelSpell error output. Patch courtesy David Boone. - Fixed bug in IMAP read routines that treated "0" as false instead of @@ -142,18 +142,39 @@ Version 1.5.1 -- CVS - Added compact paginator option. Patch by Felix Egli. - Fixed reply/forward form in order to avoid warnings in SSL enabled sites. Patch by Felix Egli. - - Removed command line option unsupported by qmail-inject in + - Removed command line option unsupported by qmail-inject in class/deliver/Deliver_SendMail.class.php. Thanks to Ken Brush. - Global file based address book is controled in configuration. Removed global_file address book backend (use 'local_file' instead). - Added Net-Style theme by Gabriele Maidecchi. Closes patch #1041323. - - Fix: Messages shown with bad times in message list due to misinterpreted + - Fix: Messages shown with bad times in message list due to misinterpreted UW IMAP internal date. - Fixed path used by random theme. - - Utf7-imap encoding/decoding functions will check, if required charset is + - Utf7-imap encoding/decoding functions will check, if required charset is supported by mbstring and use it. Fixes bug #1005353. - - LDAP backend will use internal squirrelmail charset conversion functions - instead of php xml extension. Fixes bug #655137. + - LDAP backend will use internal SquirrelMail charset conversion functions + instead of PHP XML extension. Fixes bug #655137. + - Added Wood theme and Silver Steel theme by Pavel Spatny and Simple Green theme + - Fix two time zone calculation bugs, thanks to David White. Fixes #1063879. + - 'Priority' and 'Importance' headers are now also recognised, next to the + 'X-Priority' header that we've supported since a long time. Fixes #1039935. + - Handle a reload of the signout page gracefully: do not present an error + about having to be logged in to be able to sign out. Fixes #1070069. + - Prevent & being eaten in set_url_var, thanks Marcin Orlowski. Fixes #1053725. + - Removed internal_link hook. + - Added sq_setlocale function in order to use multiple locale names. + - Added size attributes to new_mail sound tags. Fixes #818958. + - Removed extra ; in SquirrelMail added Received header per RFC 822. Fixes #1088548. + - Add IMAP server type "hmailserver" to make search work with hMailServer. + Fixes #1085377. + - Reuploaded newmail plugin sounds. Fixes files uploaded to cvs without binary + option. + - Changing your JavaScript preference required a re-login to work. + Fixes #983614. + - Fix listcommands plugin to behave like normal reply/compose + links, and return to message page that originally called from. + - Max upload file size now correctly handles a '-1' value, meaning + unlimited (#1094569). Version 1.5.0 -------------------- @@ -316,7 +337,7 @@ Version 1.4.0 -- 3 April 2003 - Update required PHP version in documentation to 4.0.6. - Fixed delete_move_next plugin to remember where it moved mail to. - Fixed compose to remember attachments. - - Fixed possible XSS in compose when replying to malicious sources. + - Security: Fixed possible XSS in compose when replying to malicious sources. - Add display of the maximum filesize for attachment uploads. - Do not add < and > if an identity doesn't contain a full name. - Fixed bug in parsing Content-Type properties part. @@ -343,7 +364,7 @@ Version 1.4.0 RC 2a - Fix IMAP error when returning to message from viewing image attachment. - Do more trimming to indented subjects in threadview so they don't wrap. - Trash folder now displays purge link in all cases. (Closes #655943) - - Fix typo in delete_move_next plugin which caused php file-handle errors. + - Fix typo in delete_move_next plugin which caused PHP file-handle errors. - Make vCard more liberal in what it accepts (thanks Kurt Pires). - Fix problem with subject encoding when using Japanse. - Move login_form hook to be actually in the login form. @@ -358,7 +379,7 @@ Version 1.4.0 RC 2a - Correctly fold encoded header lines. - Fix prefs caching not working correctly in PHP 4.3 caused by a stupid version checking mechanism. - - Fix XSS hole that allowed JavaScript execution by sending someone + - Security: Fix XSS hole that allowed JavaScript execution by sending someone an email with specially crafted headers. Thanks Jason Munro, and Masato Higashiyama. @@ -371,7 +392,7 @@ Version 1.4.0 RC 1 - Added CRAM-MD5 and DIGEST-MD5 authentication support for IMAP and SMTP - Experimental TLS support for IMAP and SMTP (requires PHP 4.3.x) - Override settings with config_local.php - - Compose form no longer shows attachment options if php file_uploads + - Compose form no longer shows attachment options if PHP file_uploads disabled - Improved bodystructure parsing. - Support for windows-1257 charset. @@ -472,13 +493,13 @@ Version 1.2.7 -- June 21 2002 Version 1.2.6 -- April 29 2002 ------------------------------ - - A complete MagicHTML rewrite since the existing codebase was + - Security: A complete MagicHTML rewrite since the existing codebase was causing too many XSS problems. Hopefully now Nick Cleaton will leave us alone. :) Testing credits go to Nick. - - Fix for cross-site scripting vulnerability (bug #545933) + - Security: Fix for cross-site scripting vulnerability (bug #545933) Reported by Nick Cleaton. - Changing "emtpy" to "purge" for more clarity. - - Fix for cross-site scripting vulnerability (bug #544658) + - Security: Fix for cross-site scripting vulnerability (bug #544658) Reported by Nick Cleaton. - Fix for incorrect word wrap in Opera (bug #495073) - Workaround for older prefs: some of them contain "None" for @@ -493,7 +514,7 @@ Version 1.2.6 -- April 29 2002 - Added a server-side sorting global option - Compose in new window size can be set in Display prefs. - Logout error system unified. - - Fix for a "theme passed as cookie" exploit. + - Security: Fix for a "theme passed as cookie" exploit. [CVE-2002-0516] - PostgreSQL is now supported for database backed use - Added user option to sort messages by internal date - Changed attachment handling now attachments are adressed to @@ -564,7 +585,7 @@ Version 1.2.5 -- 22 February 2002 Version 1.2.4 -- 25 January 2002 -------------------------------- - - Fixes a nasty remote arbitrary command execution vulnerability + - Security: Fixes a nasty remote arbitrary command execution vulnerability in the spellchecker plugin. Version 1.2.3 -- 21 January 2002 @@ -657,17 +678,17 @@ Version 1.2.0 -- 25 December 2001 *************************************************************** -*** Squirrelmail Development Series 1.1 and 1.1 Pre-Releases *** +*** SquirrelMail Development Series 1.1 and 1.1 Pre-Releases *** **************************************************************** Version 1.2.0-rc3 -- 2 December 2001 ------------------------------------ - Speed improvements and optimizations on much of the code - Comments added, formatting cleaned up for much of the code - - Several plugins integrated into the Squirrelmail core + - Several plugins integrated into the SquirrelMail core (focus change, attachment common, printer friendly, etc) - Several plugins added as "Official Plugins" to the main - Squirrelmail distribution + SquirrelMail distribution - First half of a rewrite of the option pages code - The Paginator!!! - Other stuff that I don't recall (developers, please fill this in!) @@ -720,7 +741,7 @@ Version 1.1.0 -- April 21, 2000 ************************************** -*** Squirrelmail Stable Series 1.0 *** +*** SquirrelMail Stable Series 1.0 *** ************************************** Version 1.0.6 -- April 19, 2001 @@ -735,6 +756,7 @@ Version 1.0.6 -- April 19, 2001 Version 1.0.5 -- April 17, 2001 ------------------------------- - MAJOR security issues addressed. Please upgrade as soon as possible. + [CAN-2001-1159] - Downloading attachments should work better due to a tip by Ray Black III. - Fixed bug with drop-down folder list not containing INBOX - Added Swedish help files Teemu Junnila @@ -801,7 +823,7 @@ Version 1.0 -- January 30, 2001 ******************************************************** -*** Squirrelmail Development Series 1.0 Pre-Releases *** +*** SquirrelMail Development Series 1.0 Pre-Releases *** ******************************************************** Version 1.0pre3 -- January 22, 2001 @@ -869,7 +891,7 @@ Version 1.0pre1 -- December 14, 2000 ***************************************** -*** Squirrelmail 0.5 and Pre-Releases *** +*** SquirrelMail 0.5 and Pre-Releases *** ***************************************** Version 0.5 -- September 25, 2000 @@ -924,7 +946,7 @@ Version 0.5pre1 -- August 9, 2000 ***************************************** -*** Squirrelmail 0.4 and Pre-Releases *** +*** SquirrelMail 0.4 and Pre-Releases *** ***************************************** Version 0.4 -- May 15, 2000 @@ -974,7 +996,7 @@ Version 0.4pre1 -- April 29, 2000 ***************************************** -*** Squirrelmail 0.3 and Pre-Releases *** +*** SquirrelMail 0.3 and Pre-Releases *** ***************************************** Version 0.3.1 -- March 13, 2000 @@ -1022,7 +1044,7 @@ Version 0.3pre1 -- February 17, 2000 ***************************************** -*** Squirrelmail 0.2 and Pre-Releases *** +*** SquirrelMail 0.2 and Pre-Releases *** ***************************************** Version 0.2.1 -- January 05, 2000 @@ -1041,7 +1063,7 @@ Version 0.2 -- January 02, 2000 ***************************************** -*** Squirrelmail 0.1 and Pre-Releases *** +*** SquirrelMail 0.1 and Pre-Releases *** ***************************************** Version 0.1.2 -- December 20, 1999