/*****************************************************************
* Release Notes: SquirrelMail 1.4.17 *
* The "Backbone" Release *
* 03 December 2008 *
*****************************************************************/
In this edition of SquirrelMail Release Notes:
* All about this Release!
* Locales / Translations / Charsets
* Security issues
* Major updates
* Reporting my favorite SquirrelMail 1.4 bug
All about this release
======================
This release addresses a security problem in SquirrelMail, as well
as a couple small bug fixes/improvements.
Notable changes:
* Security fix, see below.
* Cookies no longer sent as HTTPS-only under IIS unless the
connection really is secure.
* Alternate identities are correctly matched when replying
to mesages.
Security issue
==============
An issue was fixed that allowed an attacker to send specially-
crafted hyperlinks in a message that could execute cross-site
scripting (XSS) when the user viewed the message in SquirrelMail.
We would like to thank Secunia Research for reporting this issue
to us. It is tracked as CVE-2008-2379.
Locales / Translations / Charsets
=================================
Since the release of 1.4.4, the the translations for SquirrelMail are
no longer part of the main package but have to be downloaded separately;
either in one large file or an individual language. You can find these
packages through our web site. They also contain instructions on how
to install.
That release also introduced a backport of the new Character set
decoding functions from the development branch, vastly increasing the
number of supported character sets and decoding performance.
Major updates in 1.4
====================
The 1.4.x series (as a result of 1.3 developent series) brings:
* A complete rewrite of the way we send mail (Deliver-class),
and of the way we parse mail (MIME-bodystructure parsing).
This makes SquirrelMail more reliable and more efficient
at the same time!
* Support for IMAP UID which makes SquirrelMail more reliable.
* Optimizations to code and the number of IMAP calls; SquirrelMail
is now a very scalable webmail solution.
* Support for a wider range of authentication mechanisms.
* Lots of bugfixes, some new features and a couple of UI-tweaks.
Reporting my favorite SquirrelMail 1.4 bug
==========================================
We constantly aim to make SquirrelMail even better. So we need you to
submit any bug you come across! However, before you do so, please have
a look at our various support resources to make sure the issue isn't
already known or solved:
http://squirrelmail.org/docs/admin/admin-10.html
http://squirrelmail.org/docs/admin/admin-12.html
http://squirrelmail.org/wiki/KnownBugs
http://squirrelmail.org/wiki/SolvingProblems
You should also search existing tracker items for your issue (remember
to check for CLOSED and PENDING items as well as OPEN ones) - if you
find such an (open) item, please do add any more details you have to
it to help us fix and close the bug report.
When reporting a new bug, please mention what SquirrelMail release(s)
it pertains to, and list as many details about your system as possible,
including your IMAP server and web server details.
http://squirrelmail.org/bugs
Thanks for your cooperation! This helps us to make sure nothing slips
through the cracks.
Any questions about installing or using SquirrelMail can be directed
to our user support list:
squirrelmail-users@lists.sourceforge.net
When posting support requests there, please carefully follow our posting
guidelines:
http://squirrelmail.org/postingguidelines
If you want to join us in coding SquirrelMail, or have other things to
share with the developers, join the development mailinglist:
squirrelmail-devel@lists.sourceforge.net
Happy SquirrelMailing!
- The SquirrelMail Project Team
distrib
>
Mandriva
>
2010.2
>
i586
>
media
>
contrib-release
>
by-pkgid
>
e3194e4e3e85ca941250e9f0c67e3746
>
files
>
205
