* Fix error if user's account only contains an INBOX
Changes 4.3.8:
* SECURITY: Properly escape user input in Fetchmail configuration.
* Fix updating POP3 indices when using mailbox caching
* Include "anyone" user when listing users in the ACL screen
* Turn DNS prefetching off when displaying untrusted message content
Changes 4.3.7:
* Fix spellcheck-on-send when using fckeditor and no errors exist
* Fix authenticate API call and synchronization when using realms
* Optimize folder tree initialization
* Add command line fetchmail script
* Workaround broken PHP number formatting with some locales
* Don't cache local PGP public keys retrieved from the address book.
* Fixed some URL escaping issue for certain links introduced with the
security fixes from 4.3.3.
* Fixed updating POP3 indices when deleting in mailbox view.
* Fixed some folder creation issues occasionally seen, most often during
maintenance tasks.
* Other minor bugfixes.
The full list of changes (from version H3 (4.3.3)) can be viewed here:
http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.699.2.376&r2=1.699.2.389&ty=h
------
v4.3.2
------
[mms] Fix prototypejs regression on IE (Bug #6590).
------
v4.3.1
------
[jan] SECURITY: Escape output in test.php.
[mms] Don't include Virtual Folder information in when tracking folder
tree changes (Bug #7739).
[mms] Marked stripped parts as 'attachment', not 'inline' (Request #4664).
[mms] Fix linking from addresses in mailbox to compose screen (Bug #7432).
[jan] Use mailer configuration when sending iTip replies (Bug #7388).
[jan] Always display multipart/appledouble attachments.
[mms] Upgrade prototype.js to v1.6.0.3.
----
v4.3
----
[jan] Add compose token to redirect view (bug 7383).
[jan] Don't resize window if not composing messages in a popup.
--------
v4.3-RC2
--------
[mms] Fix loading of print stylesheets when printing a message (bug 7310).
[mjr] Fix redirect loop when conf[server][change_server] is true (bug 6978).
[mms] Fix message caching and optimize storage.
[mms] Fix autocomplete address positioning on IE (bug 7074).
[cjh] When the selected view doesn't match the type of browser's default view
(IMP or DIMP for a mobile browser, MIMP or DIMP for a desktop browser),
explicitly redirect to that view and disable the frameset (bug 6332).
[jan] Add support for updating exsting events and cancelled recurring event
instances to iTip viewer (bug 6636).
[mms] Fix uploaded compose attachment names if magic quoting is on (bug 7215).
[mms] Cache results of address formatting.
[jan] Show name and email address in the address book popup (Request 6937).
[mms] Messages from lists can now have large quotes automatically hidden.
---------------------------------
v4.3-RC1 (released as v4.2.1-RC1)
---------------------------------
[mms] Fix incorrect autocomplete replacement in certain cases (bug 6819).
[mms] Use optimized autocomplete javascript library.
[mms] Handle ';' to delimit addresses when composing.
[jan] Don't allow adding private PGP keys as public keys (bug 7080).
[jan] Add Basque translation (Euskal Herriko Unibertsitatea EHU/UPV
<xabier.arrieta@ehu.es>).
[mms] Search by size now displayed in KB (Request 6921).
[jan] Add option to attach personal vCard to message (requires Turba 2.2.2).
[jan] Fix maildir quota driver (bug 7014).
[jan] Add configuration for quota message format.
[mms] Maintain original header encoding on redirect (bug 7006).
[cjh] Add CSRF tokens to the Compose screen (Kris Steinhoff
<steinhof@umich.edu>).
[jan] Fix adding vhost specific trailer.txt.
[jan] Add more flexible placeholders to SQL quota driver.
[jan] Fix passing passwords to quota drivers.
[mms] Improved folder list generation (bug 6972).
[cjh] Allow hiding quota messages when quota is unlimited
(Thomas Jarosch <thomas.jarosch@intra2net.com>, Request 6934).
[jan] Add mailto: handler for Firefox 3+.
[mms] Fix address MIME encoding issues when saving a draft (bug 6986).
[cjh] Include a hint about fixing invalid From addresses in the error message
(steinhof@umich.edu, bug 6941).
[cjh] Fix overwriting $params in _imp_adminDo API call (bug 6955).
[mms] Never wrap flowed lines in text/plain messages.
[mms] Fix broken spellcheck when using fckeditor on Safari 3 (bug 6909).
[mms] Fix unescaping URL parameters passed to popup windows (bug 6834).
[jan] Fix logging of forwarded messages.
[mms] Fix creation of subfolders in certain namespaces
(thomas.jarosch@intra2net.com, bug 6827).
[mms] Improve search page by moving flags into search criteria section
(Request 6825).
[mms] If using imagemagick, allow creation of PDF thumbnails.
[mms] Strip quotation marks and backslashes from displayed addresses.
[mms] Fix spellcheck in HTML mode when using Xinha on IE (bug 6799).
[mms] Fix rare case when spellchecking HTML input could result in the HTML
tags being recognized as misspelled words.
[jan] Fix parsing for Token System configuration parameters.
[mms] Add ability to search by size.
these enhancements:
* Message and mailbox caching on the server side, resulting in much
increased performance and much less web server and IMAP server load.
* Rewrite of much of IMP's core libraries, resulting in more efficient
memory usage, more efficient IMAP queries, smaller session sizes, and
increased performance.
* WCAG 1.0 Priority 2/Section 508 accessibility guidelines compliance.
* Javascript auto-complete contact list searching.
* Can now have multiple browser windows open without destroying the
open session.
* Logging of sent messages.
* Add protection against CSRF attacks.
* Improve WYSIWYG editors to support more browsers and offer more choices.
* Server configuration to limit maximum number of recipients per message
and maximum number of sent messages over a certain period of time.
* Improved templating of output code to ease local customization.
* Additional maintenance tasks to clean old messages from mailboxes.
* Sorting is now saved per mailbox rather than across all mailboxes.
* On IE and Firefox, warn users before closing popup compose window.
* Add support for symmetric PGP encryption.
* Preference added to dictate default cursor location in compose textarea.
* Preference added to only verify PGP & S/MIME signed messages on
user request.
* Forward messages as RFC 822 parts by default; provide more options for
forwarding messages; and be smarter about what part to use as body
text depending on current editor (text vs. html).
* Javascript code now uses the prototype js library, resulting in more
robust code and more available functionality - for example, non-modal
newmail popups.
* Add server configuration to limit the maximum size of MIME message
data that can be displayed inline.
* Use tidy extension (if available) to clean up display of HTML messages
and clean up HTML composed messages.
* Add RSS/Atom feed for mailboxes.
* More/improved display options for the folder lists and better handling
of non-private namespaces.
* Improvements/cleanups to the imap quota drivers.
* Add additional hooks after certain actions (i.e. post-login,
post-compose).
* Add support for sending e-mails with Internationalized Domain Names
(IDN).
* Fetch public PGP keys from keyserver if not available in address book.
* Add configuration for folders that may not be modified.
* and much, much, much more.
v4.1.5
------
[cjh] Lower memory usage when downloading folders (Andrew Morgan
<morgan@orst.edu>).
[mms] Fix detection of default namespace information when no namespaces are
defined on the server (Bug 5538).
[mms] Don't lose message bodies when moving messages to trash when over quota
(Bug 5470).
[cjh] Remove unused defaults in Fetchmail_imap (Bug 2799).
[jan] Fix empty folder name appearing on Cyrus and servers with similar
namespaces (Bug 5138).
[jan] Only show reply options in iCalendar viewer if a reply is requested.
[cjh] Remove non-responsive www.keyserver.net and wwwkeys.pgp.net from
PGP options (Bug 5323).
[jan] Fix moving messages when over quota on Dovecot servers (Bug 5270).
[jan] Fix parsing of certain distribution lists (Bug 5134).
[mms] Fix rare occurrence where an action perfomed on the mailbox screen would
instead be performed on the INBOX (Bug 5202).
[mms] Don't show save attachments prompt in compose screen if configured to
automatically link all attachments (Request 5189).
[jan] SECURITY: Fix XSS vulnerabilities in the search screen and thread view.
[jan] Improve displaying of PGP messages (requires Horde 3.1.4 partially).
[mms] Make sure we pass a read/write IMAP stream to the filters API (Bug
5054).
[mms] Do not allow move to trash unless trash folder is defined (Bug 5012).
[jan] Fix an encoding issue with the address book popup (Bug 5050).
Major changes compared to the IMP H3 (4.1.2) version are:
* Added server configuration option to limit numer of login tries.
* Added link to view attached S/MIME key details.
* Fixed escaping of folder names.
* Updated Catalan, German and Slovenian translations.
* Several small bugfixes and improvements.
The full list of changes (from version H3 (4.1.2)) can be viewed here:
http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.699.2.194&r2=1.699.2.206&ty=h
Major changes compared to the IMP H3 (4.1.1) version are:
* Allow to toggle off the Virtual Inbox.
* Display quota for current folder on Cyrus servers.
* Updated German, Italian and Spanish translations.
* Several small bugfixes and improvements.
The full list of changes (from version H3 (4.1.1)) can be viewed here:
http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.699.2.184&r2=1.699.2.194&ty=h
- From the ChangeLog:
> ------
> v3.2.8
> ------
>
> [jan] Close XSS when setting the parent frame's page title by javascript (cjh).
> [mms] Fix display of MIME parts less than 1K when local number format uses
> ',' as the decimal separator.
> [jan] Don't use trash folder on POP3 servers under certain circumstances
> (Bug 1373).
> [jan] Fix "Save as" link to save message sources (Bug 1233).
>
>
> ------
> v3.2.7
> ------
>
> [mms] Determine the default IMAP delimiter according to RFC 3501.
> [mms] Fix the folders screen hanging if there was only one folder (Bug 504).
> [jan] Correctly cancel messages composition in all cases (Rich Bartell
> <rwb@bartellonline.com).
> [mms] Don't convert colons in user-defined headers to underscores (Bug 676).
> [jan] Don't blacklist already blacklisted addresses again (Bug 530).
Ok'ed wiz@/snj@/bouyer@
From the CHANGELOG:
------
v3.2.4
------
[cjh] SECURITY: Close an XSS hole exploited via the Content-type header
of malicious emails.
[jan] Fix conversion of folder names in some non-ascii charsets with buggy
iconv implementations (Wenzhuo Zhang <wenzhuo@zhmail.com>).
[jan] Filter out <base> tags when viewing HTML messages (Bug #10).
[mms] Encode subject when saving as draft (Tero Matinlassi
<tero.matinlassi@edu.vantaa.fi>).
------
v3.2.3
------
[jan] Fix the 'undefined index direct_access' error still occuring in obscure
cases.
[jan] Add Indonesian language (Slamin <slamin@unej.ac.id>).
[jan] <style> and <link> tags get commented out in HTML messages to not
allow them breaking the page layout.
[jan] Add Galician translation (Rafael Varela Pet <srrafa@usc.es>, Guillermo
Mendez <guille@usc.es>).
[jan] Remove HTML tags showing up in some error messages.
[mms] The spell check feature now keeps lines wrapped and correctly handles
apostrophes in words on all architectures.
Changes since 3.2.1:
[mms] SECURITY: XSS vulnerabilities in the HTML viewer fixed (Ulf Harnhammar
<ulf@update.uu.se>).
[mms] SECURITY: If Horde 2.2.4 is available, additional code is used to
protect against session fixation issues.
[jan] Add Arabic (Syria) translation (Platinum Development Team
<devteam@platinum-sy.net>).
[jan] Add Arabic (Oman) translation (Said Al-Hosni <admin@wabhosting.com>).
[jan] Add Macedonian translation (Stojan Pesov <ssp@eureka.com.mk>).
[jon] Allow the spam reporting system to also use an external program.
[jan] Add IMP::rfc822WriteAddress() as a replacement for the buggy
imap_rfc822_write_address() function.
[jan] Add Thai translation (Surasak Srisawan <surasak@rirc.ac.th>).
[bjn] Add blacklist/whitelist hooks to Ingo.
[jan] Add Icelandic translation (Bjorn Davidsson <bjossi@snerpa.is>).
[mms] Correct display of filter rules with "special" HTML characters.
Main changes from 3.0:
Add various translations
Check for invalid 8bit characters in email addresses
Updates for various browsers quirks
Do not allow the '\' character in full names (see RFC 2822 [3.2.5]).
Close several small XSS vulnerabilities
Show timeout warning if session is about to expire
Added images MIME_Viewer
Protect against modified login forms
Escape login data correctly
Various bug fixes and interface improvements.
For details see share/doc/imp/CHANGES
"IMP 3.0 is now available! This major release delivers a brand-new, cleaner
user interface, improved internationalization, mail filtering, identities,
and much more, the result of over two years of feedback and experience
based on the successful IMP 2.2.x releases."
Note that the database format has changed, use
${PREFIX}share/horde/imp/scripts/imp2horde.pl
to convert to the new format.
[bjn] SECURITY: Use is_uploaded_file() function to validate all attachment
uploads (prevent spoofing).
[bjn] SECURITY: Fix attachment upload to use tempnam(). (Jarno Huuskonen
<Jarno.Huuskonen@uku.fi>)
[cjh] SECURITY: Fix attachment viewers to use tempnam().
[cjh] Fix mysql warning with php 4.0.7.
[max] Move all JavaScript URLs to the onclick event handler to prevent
breaking IE SSL in certain circumstances.
[cjh] Add addslashes() to mysql db library.
[bjn] Bug 577: umask fixes to prevent world-writable /tmp files.
(<andreas@conectiva.com.br>)
[bjn] Bug 517: Fixes for LDAP searching--bogus LDAP filters when some
drop-downs were switched away from default values. (Robert Marchand
<robert.marchand@UMontreal.CA>)
[cjh] Allow '+' to terminate URLs.
