1
/*****************************************************************
2
* Release Notes: SquirrelMail 1.4.8 *
3
* The "F is for Furry Friends" Release *
5
*****************************************************************/
7
In this edition of SquirrelMail Release Notes:
8
* All about this Release!
9
* Locales / Translations / Charsets
13
* Reporting my favorite SquirrelMail 1.4 bug
16
All about this release
17
======================
19
This version, 1.4.8 is a maintenance release, addressing
20
the following problems since 1.4.7:
21
- A security fix (see below)
22
- A collection of bugfixes
23
(see ChangeLog for a full list)
26
Locales / Translations / Charsets
27
=================================
29
Since the release of 1.4.4, the the translations for SquirrelMail are
30
no longer part of the main package but have to be downloaded separately;
31
either in one large file or an individual language. You can find these
32
packages through our homepage. They also contain instructions on how
35
That release also introduced a backport of the new Character set
36
decoding functions from the development branch, vastly increasing the
37
number of supported character sets and decoding performance.
43
This release addresses a security issue found since the release of 1.4.7:
45
compose.php allowed a logged in attacker to overwrite random variables
46
in that script. This could possibly be used to modify or read the preferences
47
of other users or write arbitrary files. It must be noted that the requirement
48
of being logged in mitigates the attack possibilities, unless your users have
49
weak passwords. This was found by James Bercegay of Gulftech Security, thanks!
50
This is CVE-2006-4019.
52
Also, in 1.4.7 we put code to address CVE-2006-3174. On further investigation,
53
we've further tightened that code in 1.4.7 to close off some rare corner cases.
54
We do not believe this to be anything more than a minor fix.
60
The 1.4.x series (as a result of 1.3 developent series) brings:
62
* A complete rewrite of the way we send mail (Deliver-class),
63
and of the way we parse mail (MIME-bodystructure parsing).
64
This makes SquirrelMail more reliable and more efficient
66
* Support for IMAP UID which makes SquirrelMail more reliable.
67
* Optimizations to code and the number of IMAP calls; SquirrelMail
68
is now a very scalable webmail solution.
69
* Support for a wider range of authentication mechanisms.
70
* Lots of bugfixes, some new features and a couple of UI-tweaks.
76
There have been major plugin architecture improvements since 1.2.x. Lots
77
of plugins have not yet been adapted to this. Plugins which are
78
distributed with this release (eg. in the same .tar.gz file) should work.
79
Plugin authors will need some time to adapt their plugins, so quite a few
80
plugins that did work with 1.2.x might not work with 1.4.x.
82
So if you have ANY problem at all, first try turning off all plugins.
83
If one plugin seems to be the culprit, contact the author to see if
84
a 1.4.x version is underway.
86
Plugins that worked with previous 1.4.x versions should continue to work
87
without changes with this version.
90
Reporting my favorite SquirrelMail 1.4 bug
91
==========================================
93
We constantly aim to make SquirrelMail even better. So we need you to
94
submit any bug you come across! Also, please mention that the bug is
95
in this 1.4.8 release, and list your IMAP server and webserver details.
97
http://www.squirrelmail.org/bugs
99
Thanks for your cooperation with this. That helps us to make
100
sure nothing slips through the cracks. Also, it would help if
101
people would check existing tracker items for a bug before reporting
102
it again. This would help to eliminate duplicate reports, and
103
increase the time we can spend CODING by DECREASING the time we
104
spend sorting through bug reports. And remember, check not only OPEN
105
bug reports, but also closed ones as a bug that you report MAY have
106
been fixed in CVS already.
108
Any questions about installing or using SquirrelMail can be directed
109
to our user support list:
111
squirrelmail-users@lists.sourceforge.net
113
If you want to join us in coding SquirrelMail, or have other
114
things to share with the developers, join the development mailinglist:
116
squirrelmail-devel@lists.sourceforge.net
118
Happy SquirrelMailing!
119
- The SquirrelMail Project Team