'[SM-PLUGINS] [SM-ANNOUNCE] ANNOUNCE: SquirrelMail 1.4.21 Released'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       squirrelmail-plugins
Subject:    [SM-PLUGINS] [SM-ANNOUNCE] ANNOUNCE: SquirrelMail 1.4.21 Released
From:       Paul Lesniewski <paul () squirrelmail ! org>
Date:       2010-07-23 6:08:21
Message-ID: AANLkTinLJiHqZWuxYVA-KxFe1rdtqqFpjWej6CN-sgXQ () mail ! gmail ! com
[Download RAW message or body]

Greetings,

The SquirrelMail Team is pleased to announce the release of
SquirrelMail version 1.4.21.  This is primarily a maintenance release
which addresses a smattering of small issues and adds some fine-tuning
of recent changes.  It also closes two relatively low-risk security
issues.

Before this release, for environments with highly active users, the
number of security tokens could have bloated user session (and
preference) files to an unacceptable size, hurting overall
responsiveness.  This release scales back the default validity period
of security tokens from 30 days to two days, which should fix this
problem in most cases.  The administrator is always free to change
this value by specifying $max_token_age_days in
config/config_local.php.

There are also fixes for minor issues related to header folding,
faster and more resilient display of encoded subjects, quoting of
encoded addresses upon reply, provision of a subject when using
forward-as-attachment, and a few other tidbits.

This release also includes fixes for two low-risk  vulnerabilities.
The first, CVE-2010-1637, allows authenticated users to use the Mail
Fetch plugin as a network/port/DNS scanner.  The second,
CVE-2010-2813, poses a denial-of-service risk when passwords
containing 8-bit characters are used to log in.  While we characterize
these issues as fairly low risk, it is  nevertheless recommended that
users of previous versions of SquirrelMail upgrade at their earliest
convenience.

For more complete details, see the ReleaseNotes and ChangeLog files
included in this release (in the doc/ directory).

The latest release can be downloaded from the SquirrelMail website:

   http://squirrelmail.org/download

Package md5sums
===============
44d2fe85d6fc3092bf4f11e6e928f9dc  squirrelmail-1.4.21.tar.bz2
1e53a47b0544c37705079cb961ef05dc  squirrelmail-1.4.21.tar.gz
5d58d37b14ca391dc3043afdcdfdf66d  squirrelmail-1.4.21.zip

Package sha1sums
================
8a125ceca939fd4dd957491d17263b1857ddff60  squirrelmail-1.4.21.tar.bz2
7c3ca74aa748cef1d6dc6a0617b2c0554b1d6af0  squirrelmail-1.4.21.tar.gz
3619efc7692e52bd2a33df1f9c39e453b66eac1f  squirrelmail-1.4.21.zip

**** The SquirrelMail team can use your help! ****

Attention all users of SquirrelMail:

SquirrelMail is currently celebrating 11 years of providing free, Open
Source Software to the world.  We have a lot to be grateful for and
many people to thank for how successful we've been!  But running a
high-profile project with all-volunteer labor means that the mundane
chores gradually consume all our effort and sideline our visionary
initiatives for our next big release.  We feel that the time is right,
after so many years of free service, to ask our community to
contribute to the project and support us in keeping up with ongoing
maintenance and development, and in speeding up the release of our
new, fully-skinable "Web 2.0" version.  Please visit our donations and
bounties page here:

   http://squirrelmail.org/donations.php

Attention developers:

We consist of volunteers developing the most popular open source
webmail client available.  We're looking for people to join our team
to help keep our product quality high and to continue to deliver new
and enhanced features.  Our project offers an interesting challenge at
the intersection of the IMAP, SMTP and HTTP protocols.

What can you do to help? Any of the following:
 * Develop new features: help out on making SquirrelMail "skinnable" or work
   with new technologies
 * Help sort and fix bugs: interact with submitters, find test cases and
   solutions to bugs
 * Support our users by answering questions on the mailing lists or the IRC
   channel
 * Translate SquirrelMail into your language
 * Donate to the developers: feed us nuts!

For more details, please refer to http://squirrelmail.org/howtohelp

Happy SquirrelMailing!
The SquirrelMail Project Team

-- 
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php

------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
--
squirrelmail-announce mailing list
List Address: squirrelmail-announce@lists.sourceforge.net
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-announce


------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
-----
squirrelmail-plugins mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-plugins@lists.sourceforge.net
List archives: http://news.gmane.org/gmane.mail.squirrelmail.plugins
List info (subscribe/unsubscribe/change options): \
https://lists.sourceforge.net/lists/listinfo/squirrelmail-plugins


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic