NaSMail About  |  Documentation  |  Downloads  |  Plugins  |  Contribs  |  Project Site

 *****************************************************************
 * Release Notes: NaSMail 1.7                                    *
 * The "Smoky Pocket Gopher" Release                             *
 * 2009-11-22                                                    *
 *****************************************************************
In this edition of NaSMail Release Notes:
   * All about this Release!
   * Locales / Translations / Charsets
   * Security issues
   * Major updates
   * A note on plugins
   * About release name
   * Reporting NaSMail bugs


All about this release
======================
This release adds IMAP literal strings support to basic IMAP commands, fixes 
some security issues and adds other small bugfixes and code improvements.

See list of other changes in ChangeLog.


Locales / Translations / Charsets
=================================

The translations for NaSMail are not part of the main package and must be 
downloaded separately. You can find these packages through our homepage. They 
also contain instructions on how to install.

Lightweight version of extra decoding library is included in core package. You 
don't have to install extra decoding library scripts, if your PHP installation 
supports recode or iconv.


Security Issues
===============
This NaSMail release addresses issues listed in SquirrelMail CVE-2009-2964
security report. This vulnerability can affect plugins that are not bundled
with NaSMail. If you use such plugins, check NaSMail site for updated plugin
versions or contact your plugin developer and ask to confirm that plugin is
secured against cross-site request forgery (CSRF) exploits.

This NaSMail release addresses issue listed in SquirrelMail CVE-2009-1579
security report. This vulnerability can affect NaSMail setups that use sample
map_yp_alias function to map IMAP server to YP host.

This NaSMail release sanitizes contrib/decrypt_headers.php output issue listed
in SquirrelMail CVE-2009-1578 security report.


Major updates
=============
This release modifies the way code sends strings in IMAP searches. Older code
used incorrect commands with quoted strings in 'hmailserver' and 'eims' presets
and literal strings in other IMAP server types. Updated code fixed the way 
commands are executed. 'hmailserver' and 'eims' workarounds are removed.


A note on plugins
=================
There have been major plugin architecture updates in NaSMail. Plugins designed
for SquirrelMail 1.4.8 might work in NaSMail with some quirks. If plugins use
functions introduced in SquirrelMail 1.4.10 or depend on quirks of 1.4.10 
session functions, they will be broken. Plugins must be updated to use new 
internationalization code. If plugins use older option hooks, they must be 
updated to use option widgets.

If plugins use HTTP Location: redirects, JavaScript or user's password, they 
might need updates to work in NaSMail 1.2+ cookieless mode correctly. If 
interface is used in standard mode with cookies, outdated plugins should work 
without problems.

If plugins are linked to message display (src/read_body.php), they might need
updates to support NaSMail 1.4+ NSM_LAYOUT_PREVIEW mode correctly.

CVE-2009-2964 security fixes broke some plugins in NaSMail 1.7. spamcop 1.7 
and older versions are not compatible with NaSMail 1.7.

You can find more information about compatibility between NaSMail and plugin 
versions at http://www.nasmail.org/docs/compatibility.shtml.


About release name
==================
Smoky Pocket Gopher is a species of rodent in the Geomyidae family. It is 
endemic to Mexico. Its natural habitat is subtropical or tropical dry lowland 
grassland.


Reporting NaSMail bugs
======================

We constantly aim to make NaSMail even better. So we need you to submit any bug
you come across! Also, please mention that the bug is in this release, and list
your IMAP server and webserver details.

   https://gna.org/bugs/?group=nasmail

Thanks for your cooperation with this. That helps us to make sure nothing slips
through the cracks. Also, it would help if people would check existing tracker
items for a bug before reporting it again. This would help to eliminate 
duplicate reports, and increase the time we can spend CODING by DECREASING the 
time we spend sorting through bug reports. And remember, check not only OPEN 
bug reports, but also closed ones as a bug that you report MAY have been fixed 
in development code already.

Any questions about installing or using NaSMail can be directed to our user 
support list:

    nasmail-users@gna.org

-- 
The NaSMail Project Team

This file last modified on 2013-07-23 12:26 MST
Copyright © 2006-2009 The NaSMail Project