We are pleased to announce the release of SquirrelMail 1.4.4. This
release is a strongly recommended upgrade due to a number of security
issues that have been resolved since 1.4.3a.
About This Release
This release contains a number of bug fixes, and security updates. The
list is very long, as this version has been hiding in the trees for a
while. For a full list of the changes, you can see the changelog here:
A general summary of updates includes a few cross site scripting issues,
and two possible file inclusion issue (one remote, one local). Better
IMAP handling introduced for certain IMAP servers that advertise
LOGINDISABLED, folder handling, and a number of locales issues.
Shortly after the release of 1.4.3, the locales were broken out of the
main branch into their own branch. This makes the SquirrelMail package
itself a lot smaller, along with allowing administrators to download just
the packages they need. Details on this change can be found in the
ReleaseNotes and the INSTALL files.
We like to squash bugs, but we need your help when it comes to them. Full
details on their behaviour is a must. This includes what versions of
packages you have installed, such as web services, php services, your imap
server, plugins, etc. If you provide this kind of information when you
report a bug, it'll better help us to resolve the problem.
Our bug tracker is currently located at:
We suggest creating a login so we can inform you of updates and request
How to get it
You can get the latest release by going to:
Special thanks goes out to the people reporting security issues directly
to us, and not disclosing the information to the general public before we
were able to investigate the issue, and come up with a proper solution.
The SquirrelMail Stable Development Team
Log in to post a comment.