Release Notes: This release contains a large number of performance enhancements, stability fixes, and a few bug/security fixes. The most important thing to note when upgrading to version 1.4.22 is that due to a fix for the folder list display, administrators who had their configuration file set to work around this issue previously will need to update their configuration. This release also addresses several security issues, including some harsh but hard to exploit XSS bugs, a general clickjacking vulnerability, and a small problem with message sanitizing.
Release Notes: This is primarily a maintenance release which addresses a smattering of small issues and adds some fine-tuning of recent changes. It also closes two relatively low-risk security issues.
Release Notes: This release makes final the changes implemented in the last two release candidates and adds several smaller fixes and feature improvements. The formerly broken search page was fixed. Sorting is done in the Sent folder. Complex mailto: addresses can be handled. Multibyte subjects can be displayed. Encoded headers can be quoted. Installation address is automatically detected (which is especially useful for lighttpd environments). A privacy issue related to DNS prefetching of email content was fixed. Unread links were added in the message view. A Gmail IMAP configuration option was added.
Release Notes: This release extends the security fixes in the previous release candidate package to protect delete message functionalities.
Release Notes: This release addresses a security hole, removes the use of some deprecated PHP functions, fixes a problem in the filters plugin, and addresses some privacy issues. Because of the somewhat invasive nature of the changes required for the security and deprecation issues addressed herein, this "release candidate" is being released before officially moving to version 1.4.20. This version has undergone limited testing.
Release Notes: White space wrapping of auto-generated SquirrelMail option widgets may now be controlled. Matching of alternate identities when replying was fixed. HTTPS detection under Windows IIS was fixed, as it was incorrectly setting cookies to be transmitted only over a secure connections when none existed. An XSS exploit in hyperlinks when rendering messages was fixed.
Release Notes: This release addresses a security problem in SquirrelMail. It has a collection of bugfixes and some improvements mainly targeted at plugins. Cookies will only be sent over HTTPS when the login session starts in HTTPS (this is asecurity fix). Latvian was added as a new language. The abook_take plugin was removed (for which a third party replacement is available).
Release Notes: This release is a bugfix release for a number of issues identified since 1.4.13 was released. Version number 1.4.14 was skipped, because some spammer decided to use this version number in a phishing attempt.
Release Notes: This release fixes high risk security issues that allowed remote inclusion of files with PHP 4 and allow_url_fopen on that were introduced in compromised 1.4.11 and 1.4.12 packages.
Release Notes: This update brings an assortment of bugfixes and stability enhancements.