X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=ReleaseNotes;h=b89a8295f1bccd5339513207dcc38ce63bc04253;hp=27a0999c230d20a7e5bb8f668748605fad22cff5;hb=a15f9d9379cebc62fa39b6cb10d2195f95ed5081;hpb=ac5db715d24c805fe270183a59781f79274740bf diff --git a/ReleaseNotes b/ReleaseNotes index 27a0999c..b89a8295 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -1,88 +1,119 @@ /***************************************************************** - * Release Notes: SquirrelMail 1.4.0 * - * The "Long Time Coming" Release * - * 3 April 2003 * - *****************************************************************/ + * Release Notes: SquirrelMail 1.5.1 * + * The "Fire in the Hole" Release * + * 2006-02-19 * +*****************************************************************/ + +WARNING. If you can read this, then you are reading file from 1.5.1cvs and not +final release notes. + + In this edition of SquirrelMail Release Notes: * All about this Release! - * A note on PHP 4.3.x * Major updates - * A note on plugins - * Reporting my favorite SquirrelMail 1.4 bug + * Security updates + * Plugin updates + * Possible issues + * Backwards incompatible changes + * Data directory changes + * Reporting my favorite SquirrelMail bug All about this Release! ======================= -This is the first release of our new 1.4.x-series which is officially -labeled STABLE! We've been through a long development trajectory -which has resulted in this version. The big plusses of 1.4 over the -previous 1.2.x series are enhanced stability, better compatibility -with a wide range of mail/websystems, more features and less bugs. +This is the second release of our new 1.5.x-series, which is a +DEVELOPMENT release. + See the Major Updates section of this file for more. -A note on PHP 4.3.x -=================== +Major updates +============== +Rewritten IMAP functions and added extra data caching code. Internal sorting +functions should be faster than code used in SquirrelMail 1.5.0 and older +versions. Data caching should reduce number of IMAP calls in folder management +and mailbox status functions. -While the developers realize that PHP 4.3.x is the "latest and greatest" -version of PHP to be available, SquirrelMail has not been extensively -tested with it. We currently believe that SquirrelMail should work on -PHP 4.3.x but we lack the experience with this new version to be -absolutely sure. If you want to be safe, or experience problems, you may -want to downgrade to PHP 4.2.x. +Own gettext implementation replaced with PHP Gettext classes. Update adds +ngettext and dgettext support. +Templates, css and error handler. -Major updates +Own cookie functions + +Updated wrapping functions in compose. + + +Security updates +================ + +This release contains security fixes applied to development branch after 1.5.0 +release. +CVE-2004-0521 - SQL injection vulnerability in address book. +CVE-2004-1036 - XSS exploit in decodeHeader function. +CVE-2005-0075 - Potential file inclusion in preference backend selection code. +CVE-2005-0103 - Possible file/offsite inclusion in src/webmail.php. +CVE-2005-0104 - Possible XSS issues in src/webmail.php. +CVE-2005-1769 - Several cross site scripting (XSS) attacks. +CVE-2005-2095 - Extraction of all POST variables in advanced identity code. + + +Plugin updates ============== +Added site configuration options to filters, fortune, translate, newmail, +bug_report plugins. Improved newmail and change_password plugins. -The 1.4.0 series (as a result of 1.3 developent series) brings: +SquirrelSpell data storage -* A complete rewrite of the way we send mail (Deliver-class), - and of the way we parse mail (MIME-bodystructure parsing). - This makes SquirrelMail more reliable and more efficient - at the same time! -* Support for IMAP UID which makes SquirrelMail more reliable. -* Optimizations to code and the number of IMAP calls; SquirrelMail - is now a very scalable webmail solution. -* Support for a wider range of authentication mechanisms. -* Lots of bugfixes, some new features and a couple of UI-tweaks. +Possible issues +=============== +Cookies +Plugins (changes in hooks and IMAP API) +IMAP sorting/threading -A note on plugins -================= +Backward incompatible changes +============================= +Index order options are modified in 1.5.1 version. If older options are +detected, interface upgrades to newer option format and deletes old options. -There have been major plugin architecture improvements. Lots of plugins -have not yet been adapted to this. Plugins which are distributed with -this release (eg. in the same .tar.gz file) should work. Plugin authors -will need some time to adapt their plugins, so quite a few plugins -might not work. +In 1.5.1 version SquirrelSpell user dictionaries are saved with generic +SquirrelMail data functions. Code should copy older dictionary, if dictionary +version information is not present in user preferences. Once dictionary is +copied, .words files are obsolete and no longer updated. -So if you have ANY problem at all, first try turning off all plugins. -If one plugin seems to be the culprit, contact the author to see if -a 1.4.x version is underway. +If same data directory is used with other backwards incompatible version, older +SquirrelMail version can lose some user preferences or work with outdated data. +Data directory +============== + +The directory data/ used to be included in our tarball. Since placing this dir +under a web accessible directory is not very wise, we've decided to not pack it +anymore; you need to create it yourself. Please choose a location that's safe, +e.g. somewhere under /var. -Reporting my favorite SquirrelMail 1.4 bug -========================================== -We constantly aim to make SquirrelMail even better. So we need you to -submit any bug you come across! Also, please mention that the bug is -in this 1.4.0 release, and list your IMAP server and webserver details. +Reporting my favorite SquirrelMail bug +====================================== + +We constantly aim to make SquirrelMail even better. So we need you to submit +any bug you come across! Also, please mention that the bug is in this 1.5.1 +release, and list your IMAP server and webserver details. http://www.squirrelmail.org/bugs -Thanks for your cooperation with this. That helps us to make -sure nothing slips through the cracks. Also, it would help if -people would check existing tracker items for a bug before reporting -it again. This would help to eliminate duplicate reports, and -increase the time we can spend CODING by DECREASING the time we -spend sorting through bug reports. And remember, check not only OPEN -bug reports, but also closed ones as a bug that you report MAY have -been fixed in CVS already. +Thanks for your cooperation with this. That helps us to make sure nothing slips +through the cracks. Also, it would help if people would check existing tracker +items for a bug before reporting it again. This would help to eliminate +duplicate reports, and increase the time we can spend CODING by DECREASING the +time we spend sorting through bug reports. And remember, check not only OPEN +bug reports, but also closed ones as a bug that you report MAY have been fixed +in CVS already. -If you want to join us in coding SquirrelMail, or have other -things to share with the developers, join the development mailinglist: +If you want to join us in coding SquirrelMail, or have other things to share +with the developers, join the development mailing list: squirrelmail-devel@lists.sourceforge.net @@ -90,9 +121,17 @@ things to share with the developers, join the development mailinglist: About Our Release Alias ======================= -This release is labeled the "Long Time Coming" Release. -I think you can figure out the meaning behind this yourself. - +This release is labeled the "Fire in the Hole" release. "Fire in the hole" is +a phrase used to warn of the detonation of an explosive device. The phrase may +have been originated by miners, who made extensive use of explosives while +working underground. + +Release is created in order to get fixed package after two years of development +in HEAD branch. Package contains many experimental changes. Changes add new +features, that can be unstable and cause inconsistent UI. If you want to use +stable code, you should stick to SquirrelMail 1.4.x series. If you find issues +in this package, make sure that they are still present in latest development +code snapshots. Happy SquirrelMailing! - The SquirrelMail Project Team