From: <ki...@us...> - 2008-09-28 14:58:18
|
Revision: 13293 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13293&view=rev Author: kink Date: 2008-09-28 14:58:07 +0000 (Sun, 28 Sep 2008) Log Message: ----------- prepare for further development Modified Paths: -------------- branches/SM-1_4-STABLE/squirrelmail/ChangeLog branches/SM-1_4-STABLE/squirrelmail/functions/strings.php Added Paths: ----------- branches/SM-1_4-STABLE/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.16.txt Modified: branches/SM-1_4-STABLE/squirrelmail/ChangeLog =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2008-09-28 13:59:48 UTC (rev 13292) +++ branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2008-09-28 14:58:07 UTC (rev 13293) @@ -2,6 +2,9 @@ *** SquirrelMail Stable Series 1.4 *** ************************************** +Version 1.4.17 - SVN +-------------------- + Version 1.4.16 - 28 September 2008 ---------------------------------- - Added support for Latvian. Copied: branches/SM-1_4-STABLE/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.16.txt (from rev 13291, branches/SM-1_4-STABLE/squirrelmail/ReleaseNotes) =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.16.txt (rev 0) +++ branches/SM-1_4-STABLE/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.16.txt 2008-09-28 14:58:07 UTC (rev 13293) @@ -0,0 +1,125 @@ +/***************************************************************** + * Release Notes: SquirrelMail 1.4.16 * + * The "Taming the Cookie Monster" Release * + * 28 September 2008 * + *****************************************************************/ + +In this edition of SquirrelMail Release Notes: + * All about this Release! + * Locales / Translations / Charsets + * Security issues + * Major updates + * A note on plugins + * Reporting my favorite SquirrelMail 1.4 bug + + +All about this release +====================== + +This release addresses a security problem in SquirrelMail, aswell +as your regular collection of bug fixes and some improvements mainly +targeted at plugins. + +Notable changes: + * Security fix, see below. + * Latvian was added as a new language. + * The abook_take plugin was removed. + +Security issue +============== + +An issue was fixed that allowed the cookies of a session started +over SSL (https) to be transmitted over HTTP aswell. This affects +installations that offer SquirrelMail both over HTTP and HTTPS. +This is known as setting the "secure" flag of the cookie. + +An override option has been added that can be used when you have +a need to continue a session over HTTP that has been started over +HTTPS, although we do not recommend that. + +We would like to thank Hanno Boeck for reporting this issue to us. +It is tracked as CVE-2008-3663. + +As an additional fortification, SquirrelMail now sets the HttpOnly +flag to counter possible future cross site scripting attacks in +some browsers (Internet Explorer 6+, Firefox 2.0.0.5+). + + +Locales / Translations / Charsets +================================= + +Since the release of 1.4.4, the the translations for SquirrelMail are +no longer part of the main package but have to be downloaded separately; +either in one large file or an individual language. You can find these +packages through our homepage. They also contain instructions on how +to install. + +That release also introduced a backport of the new Character set +decoding functions from the development branch, vastly increasing the +number of supported character sets and decoding performance. + + + +Major updates in 1.4 +==================== + +The 1.4.x series (as a result of 1.3 developent series) brings: + +* A complete rewrite of the way we send mail (Deliver-class), + and of the way we parse mail (MIME-bodystructure parsing). + This makes SquirrelMail more reliable and more efficient + at the same time! +* Support for IMAP UID which makes SquirrelMail more reliable. +* Optimizations to code and the number of IMAP calls; SquirrelMail + is now a very scalable webmail solution. +* Support for a wider range of authentication mechanisms. +* Lots of bugfixes, some new features and a couple of UI-tweaks. + + +A note on plugins +================= + +There have been major plugin architecture improvements since 1.2.x. Lots +of plugins have not yet been adapted to this. Plugins which are +distributed with this release (eg. in the same .tar.gz file) should work. +Plugin authors will need some time to adapt their plugins, so quite a few +plugins that did work with 1.2.x might not work with 1.4.x. + +So if you have ANY problem at all, first try turning off all plugins. +If one plugin seems to be the culprit, contact the author to see if +a 1.4.x version is underway. + +Plugins that worked with previous 1.4.x versions should continue to work +without changes with this version. + + +Reporting my favorite SquirrelMail 1.4 bug +========================================== + +We constantly aim to make SquirrelMail even better. So we need you to +submit any bug you come across! Also, please mention that the bug is +in this release, and list your IMAP server and webserver details. + + http://www.squirrelmail.org/bugs + +Thanks for your cooperation with this. That helps us to make +sure nothing slips through the cracks. Also, it would help if +people would check existing tracker items for a bug before reporting +it again. This would help to eliminate duplicate reports, and +increase the time we can spend CODING by DECREASING the time we +spend sorting through bug reports. And remember, check not only OPEN +bug reports, but also closed ones as a bug that you report MAY have +been fixed in our source code repository already. + +Any questions about installing or using SquirrelMail can be directed +to our user support list: + + squ...@li... + +If you want to join us in coding SquirrelMail, or have other +things to share with the developers, join the development mailinglist: + + squ...@li... + + Happy SquirrelMailing! + - The SquirrelMail Project Team Modified: branches/SM-1_4-STABLE/squirrelmail/functions/strings.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/functions/strings.php 2008-09-28 13:59:48 UTC (rev 13292) +++ branches/SM-1_4-STABLE/squirrelmail/functions/strings.php 2008-09-28 14:58:07 UTC (rev 13293) @@ -16,14 +16,14 @@ * SquirrelMail version number -- DO NOT CHANGE */ global $version; -$version = '1.4.16'; +$version = '1.4.17 [SVN]'; /** * SquirrelMail internal version number -- DO NOT CHANGE * $sm_internal_version = array (release, major, minor) */ global $SQM_INTERNAL_VERSION; -$SQM_INTERNAL_VERSION = array(1,4,16); +$SQM_INTERNAL_VERSION = array(1,4,17); /** * There can be a circular issue with includes, where the $version string is This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |