~ubuntu-branches/ubuntu/karmic/squirrelmail/karmic

Viewing changes to doc/ReleaseNotes/1.4/Notes-1.4.8.txt

Committer: Bazaar Package Importer
Author(s): Thijs Kinkhorst
Date: 2006-12-04 09:18:09 UTC
mfrom: (1.1.6 upstream)
Revision ID: james.westby@ubuntu.com-20061204091809-f5tmhfdfy71y0cwn

Tags: 2:1.4.9a-1

* New upstream security release.
- Additionally tightens HTML filter for IE <= 5 parsing
absolutely everything and it's horse.

files added:
doc/ReleaseNotes/1.4/Notes-1.4.8.txt

doc/ReleaseNotes/1.4/Notes-1.4.9.txt

files removed:
plugins/make_archive.pl

files modified:
AUTHORS

ChangeLog

ReleaseNotes

class/mime/Message.class.php

class/mime/Rfc822Header.class.php

config/conf.pl

config/config_default.php

contrib/decrypt_headers.php

debian/changelog

functions/abook_database.php

functions/abook_local_file.php

functions/addressbook.php

functions/date.php

functions/display_messages.php

functions/imap_general.php

functions/imap_mailbox.php

functions/imap_messages.php

functions/mailbox_display.php

functions/mime.php

functions/strings.php

plugins/translate/options.php

plugins/translate/setup.php

po/squirrelmail.pot

src/addrbook_search.php

src/addressbook.php

src/compose.php

src/configtest.php

src/folders.php

src/folders_create.php

src/folders_delete.php

src/login.php

src/mailto.php

src/redirect.php

src/right_main.php

src/view_text.php

src/webmail.php

Show diffs side-by-side

added added

removed removed

doc/ReleaseNotes/1.4/Notes-1.4.8.txt

/*****************************************************************

* Release Notes: SquirrelMail 1.4.8 *

* The "F is for Furry Friends" Release *

* 11th August 2006 *

*****************************************************************/

In this edition of SquirrelMail Release Notes:

* All about this Release!

* Locales / Translations / Charsets

* Security issues

* Major updates

* A note on plugins

* Reporting my favorite SquirrelMail 1.4 bug

All about this release

======================

This version, 1.4.8 is a maintenance release, addressing

the following problems since 1.4.7:

- A security fix (see below)

- A collection of bugfixes

(see ChangeLog for a full list)

Locales / Translations / Charsets

=================================

Since the release of 1.4.4, the the translations for SquirrelMail are

no longer part of the main package but have to be downloaded separately;

either in one large file or an individual language. You can find these

packages through our homepage. They also contain instructions on how

to install.

That release also introduced a backport of the new Character set

decoding functions from the development branch, vastly increasing the

number of supported character sets and decoding performance.

Security issues

===============

This release addresses a security issue found since the release of 1.4.7:

compose.php allowed a logged in attacker to overwrite random variables

in that script. This could possibly be used to modify or read the preferences

of other users or write arbitrary files. It must be noted that the requirement

of being logged in mitigates the attack possibilities, unless your users have

weak passwords. This was found by James Bercegay of Gulftech Security, thanks!

This is CVE-2006-4019.

Also, in 1.4.7 we put code to address CVE-2006-3174. On further investigation,

we've further tightened that code in 1.4.7 to close off some rare corner cases.

We do not believe this to be anything more than a minor fix.

Major updates

==============

The 1.4.x series (as a result of 1.3 developent series) brings:

* A complete rewrite of the way we send mail (Deliver-class),

and of the way we parse mail (MIME-bodystructure parsing).

This makes SquirrelMail more reliable and more efficient

at the same time!

* Support for IMAP UID which makes SquirrelMail more reliable.

* Optimizations to code and the number of IMAP calls; SquirrelMail

is now a very scalable webmail solution.

* Support for a wider range of authentication mechanisms.

* Lots of bugfixes, some new features and a couple of UI-tweaks.

A note on plugins

=================

There have been major plugin architecture improvements since 1.2.x. Lots

of plugins have not yet been adapted to this. Plugins which are

distributed with this release (eg. in the same .tar.gz file) should work.

Plugin authors will need some time to adapt their plugins, so quite a few

plugins that did work with 1.2.x might not work with 1.4.x.

So if you have ANY problem at all, first try turning off all plugins.

If one plugin seems to be the culprit, contact the author to see if

a 1.4.x version is underway.

Plugins that worked with previous 1.4.x versions should continue to work

without changes with this version.

Reporting my favorite SquirrelMail 1.4 bug

==========================================

We constantly aim to make SquirrelMail even better. So we need you to

submit any bug you come across! Also, please mention that the bug is

in this 1.4.8 release, and list your IMAP server and webserver details.

http://www.squirrelmail.org/bugs

Thanks for your cooperation with this. That helps us to make

100

sure nothing slips through the cracks. Also, it would help if

101

people would check existing tracker items for a bug before reporting

102

it again. This would help to eliminate duplicate reports, and

103

increase the time we can spend CODING by DECREASING the time we

104

spend sorting through bug reports. And remember, check not only OPEN

105

bug reports, but also closed ones as a bug that you report MAY have

106

been fixed in CVS already.

107

108

Any questions about installing or using SquirrelMail can be directed

109

to our user support list:

110

111

squirrelmail-users@lists.sourceforge.net

112

113

If you want to join us in coding SquirrelMail, or have other

114

things to share with the developers, join the development mailinglist:

115

116

squirrelmail-devel@lists.sourceforge.net

117

118

Happy SquirrelMailing!

119

- The SquirrelMail Project Team

Older »