/***************************************************************** * Release Notes: SquirrelMail 1.4.20-RC2 * * The "Squirrels Would Rather Be Outdoors" Release * * 17 Aug 2009 * *****************************************************************/ In this edition of SquirrelMail Release Notes: * All about this Release! * Security issues * Locales / Translations / Charsets * Reporting your favorite SquirrelMail bug All about this release ====================== This release extends the security fixes in the previous release candidate package to protect delete message functionalities. The risk of using the 1.4.20 release candidate 1 package instead of this one is very low, since a user's message IDs would need to be a known quantity to an attacker. However, the intent of release candidates is to encourage the SquirrelMail community to test code that we hope to release as officially stable in the near future, so those who can upgrade are encouraged to do so. For a complete list of changes, please see the file "ChangeLog" in the doc/ directory. Security issues =============== The security token system in 1.4.20 release candidate 1 did not protect message deletion actions, which, under this release candidate, are now protected. For more details about the vulnerability being addressed and how it was fixed, please see the release notes for 1.4.20 release candidate 1 or Secunia Advisory SA34627. Locales / Translations / Charsets ================================= Translations are not a part of the main SquirrelMail package. They are downloaded separately; you can obtain all languages in one package or get an individual language. You can find these packages on our web site. They also contain installation instructions. Reporting your favorite SquirrelMail bug ======================================== We constantly aim to make SquirrelMail even better. So we need you to submit any bug you come across! However, before you do so, please have a look at our various support resources to make sure the issue isn't already known or solved: http://squirrelmail.org/docs/admin/admin-10.html http://squirrelmail.org/docs/admin/admin-12.html http://squirrelmail.org/wiki/KnownBugs http://squirrelmail.org/wiki/SolvingProblems You should also search existing tracker items for your issue (remember to check for CLOSED and PENDING items as well as OPEN ones) - if you find such an (open) item, please do add any more details you have to it to help us fix and close the bug report. When reporting a new bug, please mention what SquirrelMail release(s) it pertains to, and list as many details about your system as possible, including your IMAP server and web server details. http://squirrelmail.org/bugs Thanks for your cooperation! This helps us to make sure nothing slips through the cracks. Any questions about installing or using SquirrelMail can be directed to our user support list: squirrelmail-users@lists.sourceforge.net When posting support requests there, please carefully follow our posting guidelines: http://squirrelmail.org/postingguidelines If you want to join us in coding SquirrelMail, or have other things to share with the developers, join the development mailinglist: squirrelmail-devel@lists.sourceforge.net Happy SquirrelMailing! - The SquirrelMail Project Team