* Fix error if user's account only contains an INBOX
Changes 4.3.8:
* SECURITY: Properly escape user input in Fetchmail configuration.
* Fix updating POP3 indices when using mailbox caching
* Include "anyone" user when listing users in the ACL screen
* Turn DNS prefetching off when displaying untrusted message content
Changes 4.3.7:
* Fix spellcheck-on-send when using fckeditor and no errors exist
* Fix authenticate API call and synchronization when using realms
* Optimize folder tree initialization
* Add command line fetchmail script
* Workaround broken PHP number formatting with some locales
* Don't cache local PGP public keys retrieved from the address book.
* Fixed some URL escaping issue for certain links introduced with the
security fixes from 4.3.3.
* Fixed updating POP3 indices when deleting in mailbox view.
* Fixed some folder creation issues occasionally seen, most often during
maintenance tasks.
* Other minor bugfixes.
The full list of changes (from version H3 (4.3.3)) can be viewed here:
http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.699.2.376&r2=1.699.2.389&ty=h
------
v4.3.2
------
[mms] Fix prototypejs regression on IE (Bug #6590).
------
v4.3.1
------
[jan] SECURITY: Escape output in test.php.
[mms] Don't include Virtual Folder information in when tracking folder
tree changes (Bug #7739).
[mms] Marked stripped parts as 'attachment', not 'inline' (Request #4664).
[mms] Fix linking from addresses in mailbox to compose screen (Bug #7432).
[jan] Use mailer configuration when sending iTip replies (Bug #7388).
[jan] Always display multipart/appledouble attachments.
[mms] Upgrade prototype.js to v1.6.0.3.
----
v4.3
----
[jan] Add compose token to redirect view (bug 7383).
[jan] Don't resize window if not composing messages in a popup.
--------
v4.3-RC2
--------
[mms] Fix loading of print stylesheets when printing a message (bug 7310).
[mjr] Fix redirect loop when conf[server][change_server] is true (bug 6978).
[mms] Fix message caching and optimize storage.
[mms] Fix autocomplete address positioning on IE (bug 7074).
[cjh] When the selected view doesn't match the type of browser's default view
(IMP or DIMP for a mobile browser, MIMP or DIMP for a desktop browser),
explicitly redirect to that view and disable the frameset (bug 6332).
[jan] Add support for updating exsting events and cancelled recurring event
instances to iTip viewer (bug 6636).
[mms] Fix uploaded compose attachment names if magic quoting is on (bug 7215).
[mms] Cache results of address formatting.
[jan] Show name and email address in the address book popup (Request 6937).
[mms] Messages from lists can now have large quotes automatically hidden.
---------------------------------
v4.3-RC1 (released as v4.2.1-RC1)
---------------------------------
[mms] Fix incorrect autocomplete replacement in certain cases (bug 6819).
[mms] Use optimized autocomplete javascript library.
[mms] Handle ';' to delimit addresses when composing.
[jan] Don't allow adding private PGP keys as public keys (bug 7080).
[jan] Add Basque translation (Euskal Herriko Unibertsitatea EHU/UPV
<xabier.arrieta@ehu.es>).
[mms] Search by size now displayed in KB (Request 6921).
[jan] Add option to attach personal vCard to message (requires Turba 2.2.2).
[jan] Fix maildir quota driver (bug 7014).
[jan] Add configuration for quota message format.
[mms] Maintain original header encoding on redirect (bug 7006).
[cjh] Add CSRF tokens to the Compose screen (Kris Steinhoff
<steinhof@umich.edu>).
[jan] Fix adding vhost specific trailer.txt.
[jan] Add more flexible placeholders to SQL quota driver.
[jan] Fix passing passwords to quota drivers.
[mms] Improved folder list generation (bug 6972).
[cjh] Allow hiding quota messages when quota is unlimited
(Thomas Jarosch <thomas.jarosch@intra2net.com>, Request 6934).
[jan] Add mailto: handler for Firefox 3+.
[mms] Fix address MIME encoding issues when saving a draft (bug 6986).
[cjh] Include a hint about fixing invalid From addresses in the error message
(steinhof@umich.edu, bug 6941).
[cjh] Fix overwriting $params in _imp_adminDo API call (bug 6955).
[mms] Never wrap flowed lines in text/plain messages.
[mms] Fix broken spellcheck when using fckeditor on Safari 3 (bug 6909).
[mms] Fix unescaping URL parameters passed to popup windows (bug 6834).
[jan] Fix logging of forwarded messages.
[mms] Fix creation of subfolders in certain namespaces
(thomas.jarosch@intra2net.com, bug 6827).
[mms] Improve search page by moving flags into search criteria section
(Request 6825).
[mms] If using imagemagick, allow creation of PDF thumbnails.
[mms] Strip quotation marks and backslashes from displayed addresses.
[mms] Fix spellcheck in HTML mode when using Xinha on IE (bug 6799).
[mms] Fix rare case when spellchecking HTML input could result in the HTML
tags being recognized as misspelled words.
[jan] Fix parsing for Token System configuration parameters.
[mms] Add ability to search by size.
these enhancements:
* Message and mailbox caching on the server side, resulting in much
increased performance and much less web server and IMAP server load.
* Rewrite of much of IMP's core libraries, resulting in more efficient
memory usage, more efficient IMAP queries, smaller session sizes, and
increased performance.
* WCAG 1.0 Priority 2/Section 508 accessibility guidelines compliance.
* Javascript auto-complete contact list searching.
* Can now have multiple browser windows open without destroying the
open session.
* Logging of sent messages.
* Add protection against CSRF attacks.
* Improve WYSIWYG editors to support more browsers and offer more choices.
* Server configuration to limit maximum number of recipients per message
and maximum number of sent messages over a certain period of time.
* Improved templating of output code to ease local customization.
* Additional maintenance tasks to clean old messages from mailboxes.
* Sorting is now saved per mailbox rather than across all mailboxes.
* On IE and Firefox, warn users before closing popup compose window.
* Add support for symmetric PGP encryption.
* Preference added to dictate default cursor location in compose textarea.
* Preference added to only verify PGP & S/MIME signed messages on
user request.
* Forward messages as RFC 822 parts by default; provide more options for
forwarding messages; and be smarter about what part to use as body
text depending on current editor (text vs. html).
* Javascript code now uses the prototype js library, resulting in more
robust code and more available functionality - for example, non-modal
newmail popups.
* Add server configuration to limit the maximum size of MIME message
data that can be displayed inline.
* Use tidy extension (if available) to clean up display of HTML messages
and clean up HTML composed messages.
* Add RSS/Atom feed for mailboxes.
* More/improved display options for the folder lists and better handling
of non-private namespaces.
* Improvements/cleanups to the imap quota drivers.
* Add additional hooks after certain actions (i.e. post-login,
post-compose).
* Add support for sending e-mails with Internationalized Domain Names
(IDN).
* Fetch public PGP keys from keyserver if not available in address book.
* Add configuration for folders that may not be modified.
* and much, much, much more.
v4.1.5
------
[cjh] Lower memory usage when downloading folders (Andrew Morgan
<morgan@orst.edu>).
[mms] Fix detection of default namespace information when no namespaces are
defined on the server (Bug 5538).
[mms] Don't lose message bodies when moving messages to trash when over quota
(Bug 5470).
[cjh] Remove unused defaults in Fetchmail_imap (Bug 2799).
[jan] Fix empty folder name appearing on Cyrus and servers with similar
namespaces (Bug 5138).
[jan] Only show reply options in iCalendar viewer if a reply is requested.
[cjh] Remove non-responsive www.keyserver.net and wwwkeys.pgp.net from
PGP options (Bug 5323).
[jan] Fix moving messages when over quota on Dovecot servers (Bug 5270).
[jan] Fix parsing of certain distribution lists (Bug 5134).
[mms] Fix rare occurrence where an action perfomed on the mailbox screen would
instead be performed on the INBOX (Bug 5202).
[mms] Don't show save attachments prompt in compose screen if configured to
automatically link all attachments (Request 5189).
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
[jan] SECURITY: Fix XSS vulnerabilities in the search screen and thread view.
[jan] Improve displaying of PGP messages (requires Horde 3.1.4 partially).
[mms] Make sure we pass a read/write IMAP stream to the filters API (Bug
5054).
[mms] Do not allow move to trash unless trash folder is defined (Bug 5012).
[jan] Fix an encoding issue with the address book popup (Bug 5050).
Major changes compared to the IMP H3 (4.1.2) version are:
* Added server configuration option to limit numer of login tries.
* Added link to view attached S/MIME key details.
* Fixed escaping of folder names.
* Updated Catalan, German and Slovenian translations.
* Several small bugfixes and improvements.
The full list of changes (from version H3 (4.1.2)) can be viewed here:
http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.699.2.194&r2=1.699.2.206&ty=h
Major changes compared to the IMP H3 (4.1.1) version are:
* Allow to toggle off the Virtual Inbox.
* Display quota for current folder on Cyrus servers.
* Updated German, Italian and Spanish translations.
* Several small bugfixes and improvements.
The full list of changes (from version H3 (4.1.1)) can be viewed here:
http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.699.2.184&r2=1.699.2.194&ty=h
all PEAR packages to php?-pear-* and all Apache packages to ap13-* or
ap2-* respectively. Add new variables to simplify the Makefile
handling. Add CONFLICTS on the old names. Reset revisions of bumped
packages. ap-php will now depend on the default Apache and PHP version.
All programs using it have an implicit option of the Apache version
as well.
OK from jlam@ and adrianp@.
as the INSTALL and DEINSTALL scripts no longer distinguish between
the two types of files. Drop SUPPORT_FILES{,_PERMS} and modify the
packages in pkgsrc accordingly.
- From the ChangeLog:
> ------
> v3.2.8
> ------
>
> [jan] Close XSS when setting the parent frame's page title by javascript (cjh).
> [mms] Fix display of MIME parts less than 1K when local number format uses
> ',' as the decimal separator.
> [jan] Don't use trash folder on POP3 servers under certain circumstances
> (Bug 1373).
> [jan] Fix "Save as" link to save message sources (Bug 1233).
>
>
> ------
> v3.2.7
> ------
>
> [mms] Determine the default IMAP delimiter according to RFC 3501.
> [mms] Fix the folders screen hanging if there was only one folder (Bug 504).
> [jan] Correctly cancel messages composition in all cases (Rich Bartell
> <rwb@bartellonline.com).
> [mms] Don't convert colons in user-defined headers to underscores (Bug 676).
> [jan] Don't blacklist already blacklisted addresses again (Bug 530).
Ok'ed wiz@/snj@/bouyer@
From the CHANGELOG:
------
v3.2.4
------
[cjh] SECURITY: Close an XSS hole exploited via the Content-type header
of malicious emails.
[jan] Fix conversion of folder names in some non-ascii charsets with buggy
iconv implementations (Wenzhuo Zhang <wenzhuo@zhmail.com>).
[jan] Filter out <base> tags when viewing HTML messages (Bug #10).
[mms] Encode subject when saving as draft (Tero Matinlassi
<tero.matinlassi@edu.vantaa.fi>).
------
v3.2.3
------
[jan] Fix the 'undefined index direct_access' error still occuring in obscure
cases.
[jan] Add Indonesian language (Slamin <slamin@unej.ac.id>).
[jan] <style> and <link> tags get commented out in HTML messages to not
allow them breaking the page layout.
[jan] Add Galician translation (Rafael Varela Pet <srrafa@usc.es>, Guillermo
Mendez <guille@usc.es>).
[jan] Remove HTML tags showing up in some error messages.
[mms] The spell check feature now keeps lines wrapped and correctly handles
apostrophes in words on all architectures.
Changes since 3.2.1:
[mms] SECURITY: XSS vulnerabilities in the HTML viewer fixed (Ulf Harnhammar
<ulf@update.uu.se>).
[mms] SECURITY: If Horde 2.2.4 is available, additional code is used to
protect against session fixation issues.
[jan] Add Arabic (Syria) translation (Platinum Development Team
<devteam@platinum-sy.net>).
[jan] Add Arabic (Oman) translation (Said Al-Hosni <admin@wabhosting.com>).
[jan] Add Macedonian translation (Stojan Pesov <ssp@eureka.com.mk>).
[jon] Allow the spam reporting system to also use an external program.
[jan] Add IMP::rfc822WriteAddress() as a replacement for the buggy
imap_rfc822_write_address() function.
[jan] Add Thai translation (Surasak Srisawan <surasak@rirc.ac.th>).
[bjn] Add blacklist/whitelist hooks to Ingo.
[jan] Add Icelandic translation (Bjorn Davidsson <bjossi@snerpa.is>).
[mms] Correct display of filter rules with "special" HTML characters.
Main changes from 3.0:
Add various translations
Check for invalid 8bit characters in email addresses
Updates for various browsers quirks
Do not allow the '\' character in full names (see RFC 2822 [3.2.5]).
Close several small XSS vulnerabilities
Show timeout warning if session is about to expire
Added images MIME_Viewer
Protect against modified login forms
Escape login data correctly
Various bug fixes and interface improvements.
For details see share/doc/imp/CHANGES
have it be automatically included by bsd.pkg.mk if USE_PKGINSTALL is set
to "YES". This enforces the requirement that bsd.pkg.install.mk be
included at the end of a package Makefile. Idea suggested by Julio M.
Merino Vidal <jmmv at menta.net>.