'[SM-CVS] SF.net SVN: squirrelmail:[13291]'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       squirrelmail-cvs
Subject:    [SM-CVS] SF.net SVN: squirrelmail:[13291]
From:       kink () users ! sourceforge ! net
Date:       2008-09-28 13:58:22
Message-ID: E1Kjwn0-0003OA-9f () dn4whf1 ! ch3 ! sourceforge ! com
[Download RAW message or body]

Revision: 13291
          http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13291&view=rev
Author:   kink
Date:     2008-09-28 13:58:21 +0000 (Sun, 28 Sep 2008)

Log Message:
-----------
prepare for release

Modified Paths:
--------------
    branches/SM-1_4-STABLE/squirrelmail/ChangeLog
    branches/SM-1_4-STABLE/squirrelmail/ReleaseNotes
    branches/SM-1_4-STABLE/squirrelmail/functions/strings.php

Modified: branches/SM-1_4-STABLE/squirrelmail/ChangeLog
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/ChangeLog	2008-09-28 13:45:49 UTC (rev 13290)
+++ branches/SM-1_4-STABLE/squirrelmail/ChangeLog	2008-09-28 13:58:21 UTC (rev 13291)
@@ -2,8 +2,8 @@
 *** SquirrelMail Stable Series 1.4 ***
 **************************************
 
-Version 1.4.16 - SVN
---------------------
+Version 1.4.16 - 28 September 2008
+----------------------------------
   - Added support for Latvian.
   - Add submit button type option widget
   - Allow address book lookups by fields other than nickname/alias

Modified: branches/SM-1_4-STABLE/squirrelmail/ReleaseNotes
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/ReleaseNotes	2008-09-28 13:45:49 UTC (rev \
                13290)
+++ branches/SM-1_4-STABLE/squirrelmail/ReleaseNotes	2008-09-28 13:58:21 UTC (rev \
13291) @@ -1,7 +1,7 @@
 /*****************************************************************
- * Release Notes: SquirrelMail 1.4.15                            *
- * The "Plain Old Regular" Release                               *
- * 22 May 2008                                                   *
+ * Release Notes: SquirrelMail 1.4.16                            *
+ * The "Taming the Cookie Monster" Release                       *
+ * 28 September 2008                                             *
  *****************************************************************/
 
 In this edition of SquirrelMail Release Notes:
@@ -16,13 +16,35 @@
 All about this release
 ======================
 
-This release is a bugfix release for a number of issues identified since
-1.4.13 was released.
+This release addresses a security problem in SquirrelMail, aswell
+as your regular collection of bug fixes and some improvements mainly
+targeted at plugins.
 
-Version number 1.4.14 was skipped, because some spammer decided to use this
-version number in a phishing attempt.
+Notable changes:
+ * Security fix, see below.
+ * Latvian was added as a new language.
+ * The abook_take plugin was removed.
 
+Security issue
+==============
 
+An issue was fixed that allowed the cookies of a session started
+over SSL (https) to be transmitted over HTTP aswell. This affects
+installations that offer SquirrelMail both over HTTP and HTTPS.
+This is known as setting the "secure" flag of the cookie.
+
+An override option has been added that can be used when you have
+a need to continue a session over HTTP that has been started over
+HTTPS, although we do not recommend that.
+
+We would like to thank Hanno Boeck for reporting this issue to us.
+It is tracked as CVE-2008-3663.
+
+As an additional fortification, SquirrelMail now sets the HttpOnly
+flag to counter possible future cross site scripting attacks in
+some browsers (Internet Explorer 6+, Firefox 2.0.0.5+).
+
+
 Locales / Translations / Charsets
 =================================
 

Modified: branches/SM-1_4-STABLE/squirrelmail/functions/strings.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/functions/strings.php	2008-09-28 13:45:49 UTC \
                (rev 13290)
+++ branches/SM-1_4-STABLE/squirrelmail/functions/strings.php	2008-09-28 13:58:21 UTC \
(rev 13291) @@ -16,7 +16,7 @@
  * SquirrelMail version number -- DO NOT CHANGE
  */
 global $version;
-$version = '1.4.16 [SVN]';
+$version = '1.4.16';
 
 /**
  * SquirrelMail internal version number -- DO NOT CHANGE


This was sent by the SourceForge.net collaborative development platform, the world's \
largest Open Source development site.

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
-----
squirrelmail-cvs mailing list
List address: squirrelmail-cvs@lists.sourceforge.net
List info (subscribe/unsubscribe/change options): \
                https://lists.sourceforge.net/lists/listinfo/squirrelmail-cvs
Repository: http://squirrelmail.org/svn


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic