1
/*****************************************************************
2
* Release Notes: SquirrelMail 1.4.10 *
3
* The "Visculamia" Release *
5
*****************************************************************/
7
In this edition of SquirrelMail Release Notes:
8
* All about this Release!
9
* Locales / Translations / Charsets
13
* Reporting my favorite SquirrelMail 1.4 bug
16
All about this release
17
======================
19
This version, 1.4.10 is a maintenance release, addressing
20
the following problems since 1.4.9a:
21
- Some security fixes (see below)
23
- A collection of bugfixes and stability enhancements
24
(see ChangeLog for a full list)
27
Locales / Translations / Charsets
28
=================================
30
Since the release of 1.4.4, the the translations for SquirrelMail are
31
no longer part of the main package but have to be downloaded separately;
32
either in one large file or an individual language. You can find these
33
packages through our homepage. They also contain instructions on how
36
That release also introduced a backport of the new Character set
37
decoding functions from the development branch, vastly increasing the
38
number of supported character sets and decoding performance.
44
This release addresses security issues found since the release of 1.4.9a:
46
There's an ongoing battle to further secure the HTML filter against malicious
47
HTML mail and the browsers that accept almost any malformed piece of HTML.
49
This release contains fixes for the following:
50
- HTML attachments containing "data:" URLs;
51
- Internet Explorer in various versions accepts many permutations of HTML
52
and JavaScript in many charsets. We now properly canonicalize the incoming
53
HTML to us-ascii before applying further filters. IE only.
54
- Request forgery through images. It was possible to include "images" in
55
HTML mails which were in fact GET requests for the compose.php page sending
56
mail. These images are now properly detected, and the compose form will only
57
send mail through a POST request.
59
Thanks to Mikhail Markin, Tomas Kuliavas and Michael Jordon for reporting
60
(parts of) these issues and working with us to get them resolved.
62
These are known as CVE-2007-1262 and CVE-2007-2589.
68
The 1.4.x series (as a result of 1.3 developent series) brings:
70
* A complete rewrite of the way we send mail (Deliver-class),
71
and of the way we parse mail (MIME-bodystructure parsing).
72
This makes SquirrelMail more reliable and more efficient
74
* Support for IMAP UID which makes SquirrelMail more reliable.
75
* Optimizations to code and the number of IMAP calls; SquirrelMail
76
is now a very scalable webmail solution.
77
* Support for a wider range of authentication mechanisms.
78
* Lots of bugfixes, some new features and a couple of UI-tweaks.
84
There have been major plugin architecture improvements since 1.2.x. Lots
85
of plugins have not yet been adapted to this. Plugins which are
86
distributed with this release (eg. in the same .tar.gz file) should work.
87
Plugin authors will need some time to adapt their plugins, so quite a few
88
plugins that did work with 1.2.x might not work with 1.4.x.
90
So if you have ANY problem at all, first try turning off all plugins.
91
If one plugin seems to be the culprit, contact the author to see if
92
a 1.4.x version is underway.
94
Plugins that worked with previous 1.4.x versions should continue to work
95
without changes with this version.
98
Reporting my favorite SquirrelMail 1.4 bug
99
==========================================
101
We constantly aim to make SquirrelMail even better. So we need you to
102
submit any bug you come across! Also, please mention that the bug is
103
in this 1.4.9a release, and list your IMAP server and webserver details.
105
http://www.squirrelmail.org/bugs
107
Thanks for your cooperation with this. That helps us to make
108
sure nothing slips through the cracks. Also, it would help if
109
people would check existing tracker items for a bug before reporting
110
it again. This would help to eliminate duplicate reports, and
111
increase the time we can spend CODING by DECREASING the time we
112
spend sorting through bug reports. And remember, check not only OPEN
113
bug reports, but also closed ones as a bug that you report MAY have
114
been fixed in our source code repository already.
116
Any questions about installing or using SquirrelMail can be directed
117
to our user support list:
119
squirrelmail-users@lists.sourceforge.net
121
If you want to join us in coding SquirrelMail, or have other
122
things to share with the developers, join the development mailinglist:
124
squirrelmail-devel@lists.sourceforge.net
126
Happy SquirrelMailing!
127
- The SquirrelMail Project Team