SquirrelMail 1.4.22 Released

The SquirrelMail Team is pleased to announce the release of SquirrelMail version 1.4.22. This release contains a large number of performance enhancements, stability fixes and a few bug/security fixes.

The most important thing to note when upgrading to version 1.4.22 is that a fix in this release standardizes the folder list display, so administrators who previously set their configuration file to work around this issue will need to update their configuration. This will commonly affect those using Courier IMAP, but could affect others as well.

If you have $default_sub_of_inbox set to FALSE in your main configuration (or, using the configuration tool, see "3. Folder Defaults" ===> "12. Default Sub. of INBOX"), and you find after upgrade that your special folders (e.g., Trash, Drafts, Sent) are no longer listed at the top of your folder list, please change that value to TRUE.

Also, if you find that this upgrade prevents users from logging in with an error such as "ERROR: Could not complete request. Query: CREATE "Trash" Reason Given: Invalid mailbox name.", you will need to correct the user preference values for the problem folders. You can do so with commands such as the following for file-based preferences (adjust the data directory location as needed):

find /var/lib/squirrelmail/data/ -name '*.pref' -exec sed --in-place 's/trash_folder=Trash/trash_folder=INBOX.Trash/g' {} \;
find /var/lib/squirrelmail/data/ -name '*.pref' -exec sed --in-place 's/draft_folder=Drafts/draft_folder=INBOX.Drafts/g' {} \;
find /var/lib/squirrelmail/data/ -name '*.pref' -exec sed --in-place 's/sent_folder=Sent/sent_folder=INBOX.Sent/g' {} \;

Or, for database-based preferences:

UPDATE userprefs SET prefval = 'INBOX.Trash' WHERE prefkey = 'trash_folder' AND prefval = 'Trash';
UPDATE userprefs SET prefval = 'INBOX.Drafts' WHERE prefkey = 'draft_folder' AND prefval = 'Drafts';
UPDATE userprefs SET prefval = 'INBOX.Sent' WHERE prefkey = 'sent_folder' AND prefval = 'Sent';

MAKE SURE to back up your user preferences before doing any of the above!
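
The file-based procedure above with the backup step built in, as an added example that is not part of the original announcement or the SquirrelMail distribution. The function name migrate_prefs and its arguments are hypothetical, and the backup directory is assumed to lie outside the data directory. Unlike the find/sed commands above, it rewrites exact values only, as the SQL statements do.

```shell
#!/bin/sh
# Added example: back up, then migrate file-based special-folder preferences.
# Usage: migrate_prefs DATA_DIR BACKUP_DIR   (BACKUP_DIR must not exist yet)
# Prints the number of preference files that were changed.
migrate_prefs() {
    data_dir=$1
    backup_dir=$2
    [ -d "$data_dir" ] || { echo "not a directory: $data_dir" >&2; return 1; }
    # Refuse to overwrite an earlier backup, so a second run cannot replace
    # the pre-upgrade copy with already-migrated files.
    [ ! -e "$backup_dir" ] || { echo "backup exists: $backup_dir" >&2; return 1; }
    cp -Rp "$data_dir" "$backup_dir" || return 1

    list=$(mktemp) || return 1
    tmp=$(mktemp) || { rm -f "$list"; return 1; }
    # Quote the glob so the shell cannot expand it before find sees it.
    find "$data_dir" -type f -name '*.pref' > "$list"

    changed=0
    while IFS= read -r f; do
        # ^...$ anchors rewrite only exact values (like the SQL equality
        # tests), so "Trashcan" or an already-prefixed value is left alone.
        sed -e 's/^trash_folder=Trash$/trash_folder=INBOX.Trash/' \
            -e 's/^draft_folder=Drafts$/draft_folder=INBOX.Drafts/' \
            -e 's/^sent_folder=Sent$/sent_folder=INBOX.Sent/' \
            "$f" > "$tmp" || { rm -f "$list" "$tmp"; return 1; }
        if ! cmp -s "$f" "$tmp"; then
            # Write through the existing file to keep its owner and mode.
            cat "$tmp" > "$f"
            changed=$((changed + 1))
        fi
    done < "$list"
    rm -f "$list" "$tmp"
    echo "$changed"
}
```

Run it as the user that owns the data directory; to roll back, restore the files from the backup directory.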

This release also addresses several security issues, including some harsh but hard-to-exploit XSS bugs, a general clickjacking vulnerability, and a small problem with message sanitizing.

If only for the clickjacking protection, we recommend that users of previous versions of SquirrelMail upgrade at their earliest convenience.

For more complete details, see the ReleaseNotes and ChangeLog files included in this release (in the doc/ directory).

Posted by Paul Lesniewski 2013-06-11