SquirrelMail Changelog

What's new in SquirrelMail 1.4.21

Jul 23, 2010
  • The SquirrelMail Team is pleased to announce the release of SquirrelMail version 1.4.21. This is primarily a maintenance release which addresses a smattering of small issues and adds some fine-tuning of recent changes. It also closes two relatively low-risk security issues.
  • Before this release, for environments with highly active users, the number of security tokens could have bloated user session (and preference) files to an unacceptable size, hurting overall responsiveness. This release scales back the default validity period of security tokens from 30 days to two days, which should fix this problem in most cases. The administrator is always free to change this value by specifying $max_token_age_days in config/config_local.php.
  • There are also fixes for minor issues related to header folding, faster and more resilient display of encoded subjects, quoting of encoded addresses upon reply, provision of a subject when using forward-as-attachment, and a few other tidbits.
  • This release also includes fixes for two low-risk vulnerabilities. The first, CVE-2010-1637, allows authenticated users to use the Mail Fetch plugin as a network/port/DNS scanner. The second, CVE-2010-2813, poses a denial-of-service risk when passwords containing 8-bit characters are used to log in. While we characterize these issues as fairly low risk, it is nevertheless recommended that users of previous versions of SquirrelMail upgrade at their earliest convenience.

New in SquirrelMail 1.4.20 (Mar 7, 2010)

  • This release makes final the changes implemented in our last two release candidates and adds several smaller fixes and feature improvements.
  • Of the fixes and improvements not included in our last release candidate, the most notable is the fix for the formerly broken search page. We've also fixed sorting in the Sent folder, handling of complex mailto: addresses, display of multibyte subjects, quoting of encoded headers, automatic installation address detection (especially useful for lighttpd environments), and a privacy issue related to DNS prefetching of email content, and we've added unread links in the message view and a Gmail IMAP configuration option.

New in SquirrelMail 1.4.18 (May 12, 2009)

  • This release addresses some security problems in SquirrelMail, adds several new language translations, makes some improvements to the filters plugin and the address book system, and includes several other small bug fixes and improvements.
  • Notable changes:
      • Security fixes - see below.
      • New languages: Bangladeshi Bengali, Khmer, Tamil

New in SquirrelMail 1.4.17 (Dec 4, 2008)

  • Allow control over white space wrapping of auto-generated SquirrelMail option widgets.
  • Fix matching of alternate identities when replying.
  • Fix HTTPS detection under Windows IIS that was incorrectly setting cookies to be transmitted only over secure connections when none existed (#2318118).
  • Security:
      • Fix XSS exploit in hyperlinks when rendering messages. Thanks to Secunia Research for reporting this issue and for their patience. [CVE-2008-2379]