From: <pdo...@us...> - 2009-03-26 21:49:39
|
Revision: 13458 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13458&view=rev Author: pdontthink Date: 2009-03-26 21:49:31 +0000 (Thu, 26 Mar 2009) Log Message: ----------- Shuffling release notes Added Paths: ----------- branches/SM-1_4-STABLE/squirrelmail/doc/release_notes_archive/ branches/SM-1_4-STABLE/squirrelmail/doc/release_notes_archive/ReleaseNotes Removed Paths: ------------- branches/SM-1_4-STABLE/squirrelmail/doc/ReleaseNotes/ Copied: branches/SM-1_4-STABLE/squirrelmail/doc/release_notes_archive/ReleaseNotes (from rev 13456, branches/SM-1_4-STABLE/squirrelmail/doc/ReleaseNotes/ReleaseNotes) =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/doc/release_notes_archive/ReleaseNotes (rev 0) +++ branches/SM-1_4-STABLE/squirrelmail/doc/release_notes_archive/ReleaseNotes 2009-03-26 21:49:31 UTC (rev 13458) @@ -0,0 +1,115 @@ +/***************************************************************** + * Release Notes: SquirrelMail 1.4.17 * + * The "Backbone" Release * + * 03 December 2008 * + *****************************************************************/ + +In this edition of SquirrelMail Release Notes: + * All about this Release! + * Locales / Translations / Charsets + * Security issues + * Major updates + * Reporting my favorite SquirrelMail 1.4 bug + + +All about this release +====================== + +This release addresses a security problem in SquirrelMail, as well +as a couple small bug fixes/improvements. + +Notable changes: + * Security fix, see below. + * Cookies no longer sent as HTTPS-only under IIS unless the + connection really is secure. + * Alternate identities are correctly matched when replying + to mesages. + +Security issue +============== + +An issue was fixed that allowed an attacker to send specially- +crafted hyperlinks in a message that could execute cross-site +scripting (XSS) when the user viewed the message in SquirrelMail. + +We would like to thank Secunia Research for reporting this issue +to us. It is tracked as CVE-2008-2379. + + +Locales / Translations / Charsets +================================= + +Since the release of 1.4.4, the the translations for SquirrelMail are +no longer part of the main package but have to be downloaded separately; +either in one large file or an individual language. You can find these +packages through our web site. They also contain instructions on how +to install. + +That release also introduced a backport of the new Character set +decoding functions from the development branch, vastly increasing the +number of supported character sets and decoding performance. + + +Major updates in 1.4 +==================== + +The 1.4.x series (as a result of 1.3 developent series) brings: + +* A complete rewrite of the way we send mail (Deliver-class), + and of the way we parse mail (MIME-bodystructure parsing). + This makes SquirrelMail more reliable and more efficient + at the same time! +* Support for IMAP UID which makes SquirrelMail more reliable. +* Optimizations to code and the number of IMAP calls; SquirrelMail + is now a very scalable webmail solution. +* Support for a wider range of authentication mechanisms. +* Lots of bugfixes, some new features and a couple of UI-tweaks. + + +Reporting my favorite SquirrelMail 1.4 bug +========================================== + +We constantly aim to make SquirrelMail even better. So we need you to +submit any bug you come across! However, before you do so, please have +a look at our various support resources to make sure the issue isn't +already known or solved: + + http://squirrelmail.org/docs/admin/admin-10.html + http://squirrelmail.org/docs/admin/admin-12.html + http://squirrelmail.org/wiki/KnownBugs + http://squirrelmail.org/wiki/SolvingProblems + +You should also search existing tracker items for your issue (remember +to check for CLOSED and PENDING items as well as OPEN ones) - if you +find such an (open) item, please do add any more details you have to +it to help us fix and close the bug report. + +When reporting a new bug, please mention what SquirrelMail release(s) +it pertains to, and list as many details about your system as possible, +including your IMAP server and web server details. + + http://www.squirrelmail.org/bugs + +Thanks for your cooperation! This helps us to make sure nothing slips +through the cracks. + +Any questions about installing or using SquirrelMail can be directed +to our user support list: + + squ...@li... + +When posting support requests there, please carefully follow our posting +guidelines: + + http://squirrelmail.org/postingguidelines + +If you want to join us in coding SquirrelMail, or have other things to +share with the developers, join the development mailinglist: + + squ...@li... + + + Happy SquirrelMailing! + + - The SquirrelMail Project Team + This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |