/***************************************************************** * Release Notes: SquirrelMail 1.4.17 * * The "Backbone" Release * * 03 December 2008 * *****************************************************************/ In this edition of SquirrelMail Release Notes: * All about this Release! * Locales / Translations / Charsets * Security issues * Major updates * Reporting my favorite SquirrelMail 1.4 bug All about this release ====================== This release addresses a security problem in SquirrelMail, as well as a couple small bug fixes/improvements. Notable changes: * Security fix, see below. * Cookies no longer sent as HTTPS-only under IIS unless the connection really is secure. * Alternate identities are correctly matched when replying to mesages. Security issue ============== An issue was fixed that allowed an attacker to send specially- crafted hyperlinks in a message that could execute cross-site scripting (XSS) when the user viewed the message in SquirrelMail. We would like to thank Secunia Research for reporting this issue to us. It is tracked as CVE-2008-2379. Locales / Translations / Charsets ================================= Since the release of 1.4.4, the the translations for SquirrelMail are no longer part of the main package but have to be downloaded separately; either in one large file or an individual language. You can find these packages through our web site. They also contain instructions on how to install. That release also introduced a backport of the new Character set decoding functions from the development branch, vastly increasing the number of supported character sets and decoding performance. Major updates in 1.4 ==================== The 1.4.x series (as a result of 1.3 developent series) brings: * A complete rewrite of the way we send mail (Deliver-class), and of the way we parse mail (MIME-bodystructure parsing). This makes SquirrelMail more reliable and more efficient at the same time! * Support for IMAP UID which makes SquirrelMail more reliable. * Optimizations to code and the number of IMAP calls; SquirrelMail is now a very scalable webmail solution. * Support for a wider range of authentication mechanisms. * Lots of bugfixes, some new features and a couple of UI-tweaks. Reporting my favorite SquirrelMail 1.4 bug ========================================== We constantly aim to make SquirrelMail even better. So we need you to submit any bug you come across! However, before you do so, please have a look at our various support resources to make sure the issue isn't already known or solved: http://squirrelmail.org/docs/admin/admin-10.html http://squirrelmail.org/docs/admin/admin-12.html http://squirrelmail.org/wiki/KnownBugs http://squirrelmail.org/wiki/SolvingProblems You should also search existing tracker items for your issue (remember to check for CLOSED and PENDING items as well as OPEN ones) - if you find such an (open) item, please do add any more details you have to it to help us fix and close the bug report. When reporting a new bug, please mention what SquirrelMail release(s) it pertains to, and list as many details about your system as possible, including your IMAP server and web server details. http://squirrelmail.org/bugs Thanks for your cooperation! This helps us to make sure nothing slips through the cracks. Any questions about installing or using SquirrelMail can be directed to our user support list: squirrelmail-users@lists.sourceforge.net When posting support requests there, please carefully follow our posting guidelines: http://squirrelmail.org/postingguidelines If you want to join us in coding SquirrelMail, or have other things to share with the developers, join the development mailinglist: squirrelmail-devel@lists.sourceforge.net Happy SquirrelMailing! - The SquirrelMail Project Team