*****************************************************************
* Release Notes: NaSMail 1.6 *
* The "Great White Gopher" Release *
* 2009-01-11 *
*****************************************************************
In this edition of NaSMail Release Notes:
* All about this Release!
* Locales / Translations / Charsets
* Security issues
* Major updates
* A note on plugins
* Reporting NaSMail bugs
All about this release
======================
This release improves address book layout and navigation. It also tightens
security of session and password cookies. HTML filters are modified to remove
HTML5 media objects.
See list of other changes in ChangeLog.
Locales / Translations / Charsets
=================================
The translations for NaSMail are not part of the main package and must be
downloaded separately. You can find these packages through our homepage. They
also contain instructions on how to install.
Lightweight version of extra decoding library is included in core package. You
don't have to install extra decoding library scripts, if your PHP installation
supports recode or iconv.
Security Issues
===============
This release adds secure and httponly cookie support to counter issues reported
in SquirrelMail CVE-2008-3663 report. httponly cookies need PHP 5.2 or later.
secure cookies will be activated, if web service with SSL support is detected.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3663
Based on fixes made by SquirrelMail developers to counter CVE-2008-2379, we
suspect that NaSMail is not vulnerable to issues reported in this vulnerability
report. Related HTML filtering code was fixed in NaSMail 1.5.
Major updates
=============
* Address book layout rewrite.
* Support of secure and httponly cookies.
A note on plugins
=================
There have been major plugin architecture updates in NaSMail. Plugins designed
for SquirrelMail 1.4.8 might work in NaSMail with some quirks. If plugins use
functions introduced in SquirrelMail 1.4.10 or depend on quirks of 1.4.10
session functions, they will be broken. Plugins must be updated to use new
internationalization code. If plugins use older option hooks, they must be
updated to use option widgets.
If plugins use HTTP Location: redirects, JavaScript or user's password, they
might need updates to work in NaSMail 1.2+ cookieless mode correctly. If
interface is used in standard mode with cookies, outdated plugins should work
without problems.
If plugins are linked to message display (src/read_body.php), they might need
updates to support NaSMail 1.4+ NSM_LAYOUT_PREVIEW mode correctly.
You can find more information about compatibility between NaSMail and plugin
versions at http://www.nasmail.org/docs/compatibility.shtml.
Reporting NaSMail bugs
======================
We constantly aim to make NaSMail even better. So we need you to submit any bug
you come across! Also, please mention that the bug is in this release, and list
your IMAP server and webserver details.
https://gna.org/bugs/?group=nasmail
Thanks for your cooperation with this. That helps us to make sure nothing slips
through the cracks. Also, it would help if people would check existing tracker
items for a bug before reporting it again. This would help to eliminate
duplicate reports, and increase the time we can spend CODING by DECREASING the
time we spend sorting through bug reports. And remember, check not only OPEN
bug reports, but also closed ones as a bug that you report MAY have been fixed
in development code already.
Any questions about installing or using NaSMail can be directed to our user
support list:
nasmail-users@gna.org
--
The NaSMail Project Team
This file last modified on 2013-07-23 21:22 CEST
|
| Copyright © 2006-2009 The NaSMail Project |
