X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=ReleaseNotes;h=9232aecde76295ef28ae5d58d3205d72afcf4ffc;hp=d95f70b5414d6f4c7a8fb9929b82a0e45fa6b7ef;hb=b4df37a525c34a317d5f6ff10baa518f75448703;hpb=7aa617a02832838402cac7c29f5b0113e53be296 diff --git a/ReleaseNotes b/ReleaseNotes index d95f70b5..9232aecd 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -1,179 +1,206 @@ /***************************************************************** - * Release Notes: SquirrelMail 1.2.3 * - * The "One-Eyed Programmer" Release * - * 21 January 2002 * - *****************************************************************/ + * Release Notes: SquirrelMail 1.5.2 * + * The "" Release * + * 2006-xx-xx * +*****************************************************************/ - Note: Please see the ChangeLog for 1.2.0, 1.2.1 and 1.2.2 bugs - that have been fixed in this 1.2.2 release. +WARNING. If you can read this, then you are reading file from cvs and not +final release notes. -After a long wait, SquirrelMail is finally making a new major stable -series release. The past year has been ANYTHING but uneventful for -the SquirrelMail Project. This year has seen two leadership changes, -the release of the 1.0 series, the 1.1 development series, and now -finally the much awaited 1.2 release. In this edition of SquirrelMail Release Notes: - * All about this Release!!! - * Reporting my favorite SquirrelMail 1.2 bug - * Important Note about PHP 4.1.0 - * Where are we going from here? - * About our Release Aliases - -All about this Release!!! -========================= - -Being one of the most popular webmail clients, the developers of -SquirrelMail feel a huge desire and responsibility to continue push -the envelope and make SquirrelMail the best it can possibly be. You -will not be disappointed with this release, as it is by far the most -feature rich, and yet it is still the same sleek and unbloated and -cuddly webmail application that we have all grown to love. Here is -an incomplete list of new features and enhancements since the last -stable release. - - * Collapsible Folders - The folder list can be collapsed at any - parent folder. This makes folder lists with large - hierarchical structures much easier to manage and navigate. - * The Paginator! - This enables quick access to any page in the - message list by simply choosing the page number to view - rather than tediously clicking "next" 50 times. - * Hundreds of UI tweaks - The user interface has been given a - face-lift. The HTML has been largely overhauled, and while - it still has the same general feel, it has been made more - intuitive. - * Drafts - It is now possible to compose a message and save it to - be sent at a later date with the drafts option. - * New Options Page - The options page has been completely - rewritten for several reasons, the main of which was to - allow seamless integration of plugin options and to - provide uniformity throughout the entire section. - * Multiple Identities - It is now possible to create different - identities (home, work, school) that can be chosen upon - sending. Each identity can have its own email address, - full name, and signature. - * Reply Citations - Different types of citations are now possible - when replying to messages. - * Better Attachment Handling - The plugin, attachment_common, has - been fully integrated into the core of SquirrelMail. This - allows inline viewing of several different types of - attachments. - * Integration of Several Plugins - The following plugins have been - put directly into the core. As a result, be sure not to - install these as plugins, as the result may be (at best) - unpredictable: attachment_common, paginator, priority, - printer_friendly, sqclock, xmailer. - * Improved support for newer versions of PHP. Note that you may - have trouble if you are running PHP version 4.0.100 - (commonly distributed with Debian 3.0). - * Ability to mark messages as read and unread from the message listing. - * Alternating Colors - The message list now alternates row colors - by default. This presents a much cleaner and easier to - read interface to the user. - -Aside from these obvious front end features, there are hundreds of -bugs that have been fixed, and much of the code has been optimized -and/or rewritten. This stable release is far superior in all -aspects to all previous versions of SquirrelMail. - - Home Page: http://www.squirrelmail.org/ - Download: http://www.squirrelmail.org/download.php - ScreenShots: http://www.squirrelmail.org/screenshots.php - - -Reporting my favorite SquirrelMail 1.2 bug -========================================== - -Of course, in the words of Linus Torvalds, this release is officially -certified to be Bug-Free (tm). - -However, if for some reason some bugs manage to find their way to the -surface, please report them at once (after all, they ARE uncertified -bugs!!!) The PROPER place to report these bugs is the SquirrelMail Bug -Tracker. - - http://www.squirrelmail.org/bugs - -Thank you for your cooperation in that issue. That helps us to make -sure that nothing slips through the cracks. Also, it would help if -people would check existing tracker items for a bug before reporting -it again. This would help to eliminate duplicate reports, and -increase the time we can spend CODING by DECREASING the time we -spend sorting through bug reports. And remember, check not only OPEN -bug reports, but also closed ones as a bug that you report MAY have -been fixed in CVS already. - - -Important Note about PHP 4.1.0 -============================== - -First of all, let me say that you all HAVE been warned: the -SquirrelMail Project Team is not supporting PHP 4.1.0 for the 1.2.0 -release. Basically, SquirrelMail was in the final death throws of -this development series when the witty PHP folks decided to make the -release of 4.1.0. Of course, we greatly appreciate their hard work! :) - -However, we were too close to the end of this whole thing to be able -to spend the week or two EXTRA that it will take to get SquirrelMail -1.2 PHP 4.1.0 ready. This will, on the bright side, be a major -priority amongst the team in the immediate future. At first look, it -seems that 4.1.0 support should just require a collection of -relatively minor tweaks. You can expect 4.1.0 support within 2-3 -weeks, as a part of a later 1.2.X release. - - -Where are we going from here? + * All About This Release! + * Major Updates + * Security Updates + * Plugin Updates + * Possible Issues + * Backwards Incompatible Changes + * Data Directory Changes + * Reporting Your Favorite SquirrelMail Bug + + +All About This Release! +======================= +This is the second release of our new 1.5.x-series, which is a +DEVELOPMENT release. + +See the Major Updates section of this file for more information. + + +Major Updates +============== +Rewritten IMAP functions and optimized IMAP data caching code. Internal +sorting functions should be faster than code used in SquirrelMail <= 1.5.0. +Together with the optimized caching code, all the logic concerning sorting has +been rewritten so that Squirrelmail can display more columns with sort support +in the messages list. I.e. the From and To column in the same view sorted on +size. Also, the number of IMAP calls is reduced by smarter caching in the IMAP +mailbox area and by the optimized header and sort cache code. Reducing the +amount of IMAP calls will lower the load on your IMAP server and increase +SquirrelMail performance. + +In-house gettext implementation replaced with PHP Gettext classes. Update adds +ngettext and dgettext support. + +Begin work on separating the SquirrelMail internal logic from user interface +related logic. This has resulted in the first (very) rough CSS-based PHP +templates. In future releases we will finish the mentioned separation and work +on simpler templates. + +Added JavaScript-based message row highlighting code (disabled by default) for +faster selection of messages in the messages list. + +Usage of a centralized error handler. Development will continue in 1.5.2. + +SquirrelMail has started using internal cookie functions in order to have more +control over cookie format. Cookies set with sqsetcookie() function now use an +extra parameter (HttpOnly) to secure cookie information by making the cookie +not accessible to scripts (particularly, JavaScript). This feature is only +supported in browsers that follow the MSDN cookie specifications (see +http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp). +Currently this is limited to IE6 >= SP1. + +SquirrelMail IMAP and SMTP libraries now support use of STARTTLS extension. +The code is experimental and requires PHP 5.1.0 or newer with +stream_socket_enable_crypto() function support enabled. + +Updated wrapping functions in compose. New wrapping code improves quoting +of text chapters. Thanks to Justus Pendleton. + +Added code for advanced searching in messages. Now it's possible to switch +between normal search and advanced search. + +Main SquirrelMail code implements view_as_html and folder_settings plugin +features. These plugins should not be used in SquirrelMail 1.5.1. + + +Security Updates +================ +This release contains security fixes applied to development branch after 1.5.0 +release: + CVE-2004-0521 - SQL injection vulnerability in address book. + CVE-2004-1036 - XSS exploit in decodeHeader function. + CVE-2005-0075 - Potential file inclusion in preference backend selection code. + CVE-2005-0103 - Possible file/offsite inclusion in src/webmail.php. + CVE-2005-0104 - Possible XSS issues in src/webmail.php. + CVE-2005-1769 - Several cross site scripting (XSS) attacks. + CVE-2005-2095 - Extraction of all POST variables in advanced identity code. + CVE-2006-0188 - Possible XSS through right_frame parameter in webmail.php. + CVE-2006-0195 - Possible XSS in MagicHTML, IE only. + CVE-2006-0377 - IMAP injection in sqimap_mailbox_select mailbox parameter. + +If you use SquirrelMail 1.5.0, you should upgrade to 1.5.1 or downgrade to latest +stable SquirrelMail version. + + +Plugin Updates +============== +Added site configuration options for filters, fortune, translate, newmail, +bug_report plugins. Improved newmail and change_password plugins. Fixed data +corruption issues in calendar plugin. + +SquirrelSpell plugin was updated to use generic SquirrelMail preference functions. +User preferences and personal dictionaries that were stored in .words files are +moved to .pref files or other configured user data storage backend. + + +Possible Issues +=============== +Internal SquirrelMail cookie implementation is experimental. If you have cookie +expiration or corruption issues and can reproduce them only in 1.5.1 version, +contact one of the SquirrelMail developers and to help them debug the issue. + +SquirrelMail 1.5.1 changed some functions and hooks. login_form hook requires +different coding style. html_top, html_bottom, internal_link hooks have been +removed. src/move_messages.php code has been moved to the main mailbox listing +script. Some hooks may be broken after implementation of templates, especially +in mailbox listing pages. soupNazi() function has been replaced with the +checkForJavascript() function. sqimap_messages_delete(), +sqimap_messages_copy(), sqimap_messages_flag() and sqimap_get_small_header() +functions are now obsolete. Some IMAP functions return data in different +format. If plugins depend on changed or removed functions, they will break in +this version of SquirrelMail. + +This SquirrelMail version added http headers that prevent caching of pages by +proxies. Headers are added in SquirrelMail displayHtmlHeader() function. Changes +require that html output is not started before displayHtmlHeader() is called. If +some code starts output, PHP errors will be displayed. If plugins display +notices in options_save hook and don't stop script execution on error, page +display will be broken. + +SquirrelMail 1.5.1 implemented code that unregisters globals in PHP +register_globals=on setups. Plugins that load main SquirrelMail functions and +depend on PHP register_globals=on will be broken. + +IMAP sorting/threading +By default, SquirrelMail will make use of the capabilities provided by the IMAP +server. This means that if the IMAP server supports SORT and THREAD sorting then +SquirrelMail makes use of it. Some broken IMAP servers advertise the SORT and +THREAD capabilities although they do not support it. For those IMAP servers +there is a config option to disable the use of SORT and THREAD sort. + +Backward Incompatible Changes ============================= - -After things cool down a bit and the smoke clears from 1.2, -progress will begin on the Great SquirrelMail Rewrite, also known as -the 1.3 development branch. This branch will eventually become the -long talked about SquirrelMail 2.0. The major developmental emphasis -for SquirrelMail 2.0 will be in making SquirrelMail more flexible -and modular so that it might do a better job meeting the needs of -our system administrators and end-users. We are greatly anticipating -working in this area. - -At the same time, we will kick start the SquirrelMail Teams. For -some time now, we have been planning a reorganization of the project -into a variety of sub-teams. Each sub-team will focus on a different -aspect of SquirrelMail Project work. These teams will hopefully help -keep the SquirrelMail project more on track and to provide some -semblance of order. This project has grown so large in the past two -years that an orderly structure is necessary if anything is to get -done effectively. The teams (as planned) are as follows: - - Stable Series Team: Maintains the stable series - Development Series Team: Works on the development series - i18n Team: Handles i18n (internationalization) work - Plugin Team: Manages the mass of plugins - User Support Team: Helps users with their problems - Documentation Team: Manages the documentation - Evangelism Team: Spreads the good news of SquirrelMail - -Teams will be led by one or two SquirrelMail team members. And team -members can participate in as many teams as he or she desires. - -For the next few weeks, the developers will be working on bug-fixing -and making the 1.2 series rock solid. After that, about mid January, -focus will shift toward getting the teams in gear and starting work -on the SquirrelMail 1.3 development series. - - -About our Release Aliases - by Wouter Teepe -========================= - -Philippe, one of our main developers has been having quite some trouble -with the health of his eyes. Though luckily it is not of a permanent -nature, it is terrible enough. Essentially he had only one eye -available when he was squashing many of the bugs that are fixed in this -release. - -However, more eyes have been helping in making this release -possible. I'd also like to specially thank Bron Godwana, who traced a -bug in the IMAP code - and fixed it. - -See http://www.squirrelmail.org/wiki/SquirrelRelease for more details. +Index order options are modified in 1.5.1 version. If older options are +detected, interface upgrades to newer option format and deletes old options. + +In version 1.5.1, SquirrelSpell user dictionaries are saved with generic +SquirrelMail data functions. SquirrelSpell should copy older dictionaries +if dictionary version information is not present in user preferences. Once +the dictionary is copied, .words files are obsolete and no longer +updated. + +If the same data directory is used with other backwards incompatible versions, +the older SquirrelMail version may lose some user preferences or work with +outdated data. Admins are advised to use a separate data directory for the +1.5.1 release. The data directory can be configured by running configure. + +Data Directory +============== +The directory data/ is no longer included in our tarball. Since placing this +directory under a web-accessible directory is not very wise, we've decided to +not pack it anymore. Admins will need to create it. Please choose a location +that's safe (not web accessible), e.g. /var/squirrelmail/data. + +Reporting Your Favorite SquirrelMail Bug +======================================== +We constantly aim to make SquirrelMail even better, so we need you to submit +any bugs you come across! Also, please mention that the bug is in this release +(version 1.5.1), and list your IMAP server and web server details. Bugs can be +submitted at: + + http://squirrelmail.org/bugs + +Thanks for your cooperation with this. This helps ensure that nothing slips +through the cracks. Also, please search the bug database for existing items +before submitting a new bug. This will help to eliminate duplicate reports and +increase the time we can spend FIXING existing bugs by DECREASING the time we +spend sorting through bug reports. Remember to check for CLOSED bug reports +also, not just OPEN bug reports, in case a bug you want to report may have been +recently fixed in our source code repository. + +If you want to join us in coding SquirrelMail, or have other things to share +with the developers, join the development mailing list: + + squirrelmail-devel@lists.sourceforge.net + + +About Our Release Alias +======================= +This release is labeled the "Fire in the Hole" release. "Fire in the Hole" is +a phrase used to warn of the detonation of an explosive device. The phrase may +have been originated by miners, who made extensive use of explosives while +working underground. + +This release has been created to get a fixed package after more than two years +of development in the CVS HEAD branch. This package contains many experimental +changes. These changes add new features that can/will be unstable and/or +create an inconsistent UI. If you want to use stable code, you should stick to +the 1.4.x series of SquirrelMail. If you find issues in this package, make +sure that they are still present in the latest development code snapshots. To +obtain thelatest development snapshot, see + + http://squirrelmail.org/download.php#snapshot Happy SquirrelMailing! - The SquirrelMail Project Team