Greetings, The SquirrelMail Team is pleased to announce the release of SquirrelMail version 1.4.21. This is primarily a maintenance release which addresses a smattering of small issues and adds some fine-tuning of recent changes. It also closes two relatively low-risk security issues. Before this release, for environments with highly active users, the number of security tokens could have bloated user session (and preference) files to an unacceptable size, hurting overall responsiveness. This release scales back the default validity period of security tokens from 30 days to two days, which should fix this problem in most cases. The administrator is always free to change this value by specifying $max_token_age_days in config/config_local.php. There are also fixes for minor issues related to header folding, faster and more resilient display of encoded subjects, quoting of encoded addresses upon reply, provision of a subject when using forward-as-attachment, and a few other tidbits. This release also includes fixes for two low-risk vulnerabilities. The first, CVE-2010-1637, allows authenticated users to use the Mail Fetch plugin as a network/port/DNS scanner. The second, CVE-2010-2813, poses a denial-of-service risk when passwords containing 8-bit characters are used to log in. While we characterize these issues as fairly low risk, it is nevertheless recommended that users of previous versions of SquirrelMail upgrade at their earliest convenience. For more complete details, see the ReleaseNotes and ChangeLog files included in this release (in the doc/ directory). The latest release can be downloaded from the SquirrelMail website: http://squirrelmail.org/download Package md5sums =============== 44d2fe85d6fc3092bf4f11e6e928f9dc squirrelmail-1.4.21.tar.bz2 1e53a47b0544c37705079cb961ef05dc squirrelmail-1.4.21.tar.gz 5d58d37b14ca391dc3043afdcdfdf66d squirrelmail-1.4.21.zip Package sha1sums ================ 8a125ceca939fd4dd957491d17263b1857ddff60 squirrelmail-1.4.21.tar.bz2 7c3ca74aa748cef1d6dc6a0617b2c0554b1d6af0 squirrelmail-1.4.21.tar.gz 3619efc7692e52bd2a33df1f9c39e453b66eac1f squirrelmail-1.4.21.zip **** The SquirrelMail team can use your help! **** Attention all users of SquirrelMail: SquirrelMail is currently celebrating 11 years of providing free, Open Source Software to the world. We have a lot to be grateful for and many people to thank for how successful we've been! But running a high-profile project with all-volunteer labor means that the mundane chores gradually consume all our effort and sideline our visionary initiatives for our next big release. We feel that the time is right, after so many years of free service, to ask our community to contribute to the project and support us in keeping up with ongoing maintenance and development, and in speeding up the release of our new, fully-skinable "Web 2.0" version. Please visit our donations and bounties page here: http://squirrelmail.org/donations.php Attention developers: We consist of volunteers developing the most popular open source webmail client available. We're looking for people to join our team to help keep our product quality high and to continue to deliver new and enhanced features. Our project offers an interesting challenge at the intersection of the IMAP, SMTP and HTTP protocols. What can you do to help? Any of the following: * Develop new features: help out on making SquirrelMail "skinnable" or work with new technologies * Help sort and fix bugs: interact with submitters, find test cases and solutions to bugs * Support our users by answering questions on the mailing lists or the IRC channel * Translate SquirrelMail into your language * Donate to the developers: feed us nuts! For more details, please refer to http://squirrelmail.org/howtohelp Happy SquirrelMailing! The SquirrelMail Project Team -- Paul Lesniewski SquirrelMail Team Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donate_paul_lesniewski.php ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users