/*****************************************************************
 * Release Notes: SquirrelMail 1.4.4                             *
 * The "Did I Leave The Gas On?" Release                         *
 *                                                               *
 *****************************************************************/

In this edition of SquirrelMail Release Notes:
   * All about this Release!
   * Locales / Translations / Charsets
   * Security issues
   * Major updates
   * A note on plugins
   * Reporting my favorite SquirrelMail 1.4 bug


All about this Release!
=======================

This is the fifth release of the stable 1.4.x series. It fixes many
bugs discovered since the last release, separates out the translations
to a separate package, greatly improves charset decoding and fixes
some different security issues.

See the Major Updates section of this file for more about the 
1.4.x stable series.  For changes in this release, please refer to
the ChangeLog.


Locales / Translations / Charsets
=================================

From this release on, the translations for SquirrelMail are no longer
part of the main package but have to be downloaded separately; either
in one large file or an individual language. You can find these
packages through our homepage. They also contain instructions on how
to install.

This release also introduces a backport of the new Character set
decoding functions from the development branch, vastly increasing the
number of supported character sets and decoding performance.


Security Issues
===============

This release addresses a remotely exploitable cross site scripting
vulnerability in the decodeHeader() function, known as CAN-2004-1036.
Thanks go to Joost Pol for notifying us about this issue.

Also fixed is an issue in prefs.php which allowed for insecure file
inclusion. The problem was introduced in version 1.4.3 and is known
as CAN-2005-0075.

In webmail.php an issue was closed which allowed the contents of the
right frame to be replaced by manipulating an URL variabale. Thanks
to Manoel Zaninetti for discovering this (CAN-2005-0104). In the
same place, two integer variables turned out also not sanitized,
CAN-2005-0104.


Major updates
==============

The 1.4.x series (as a result of 1.3 developent series) brings:

* A complete rewrite of the way we send mail (Deliver-class),
  and of the way we parse mail (MIME-bodystructure parsing).
  This makes SquirrelMail more reliable and more efficient
  at the same time!
* Support for IMAP UID which makes SquirrelMail more reliable.
* Optimizations to code and the number of IMAP calls; SquirrelMail
  is now a very scalable webmail solution.
* Support for a wider range of authentication mechanisms.
* Lots of bugfixes, some new features and a couple of UI-tweaks.


A note on plugins
=================

There have been major plugin architecture improvements since 1.2.x. Lots
of plugins have not yet been adapted to this. Plugins which are
distributed with this release (eg. in the same .tar.gz file) should work.
Plugin authors will need some time to adapt their plugins, so quite a few
plugins that did work with 1.2.x might not work with 1.4.x.

So if you have ANY problem at all, first try turning off all plugins.
If one plugin seems to be the culprit, contact the author to see if
a 1.4.x version is underway.

Plugins that worked with previous 1.4.x versions should continue to work
without changes with this version.


Reporting my favorite SquirrelMail 1.4 bug
==========================================

We constantly aim to make SquirrelMail even better. So we need you to
submit any bug you come across! Also, please mention that the bug is
in this 1.4.4 release, and list your IMAP server and webserver details.

   http://www.squirrelmail.org/bugs

Thanks for your cooperation with this. That helps us to make
sure nothing slips through the cracks. Also, it would help if
people would check existing tracker items for a bug before reporting
it again. This would help to eliminate duplicate reports, and
increase the time we can spend CODING by DECREASING the time we
spend sorting through bug reports. And remember, check not only OPEN
bug reports, but also closed ones as a bug that you report MAY have
been fixed in CVS already.

Any questions about installing or using SquirrelMail can be directed
to our user support list:

    squirrelmail-users@lists.sourceforge.net

If you want to join us in coding SquirrelMail, or have other
things to share with the developers, join the development mailinglist:

   squirrelmail-devel@lists.sourceforge.net

                  Happy SquirrelMailing!
                    - The SquirrelMail Project Team