NEWS: SquirrelMail appears in "Management"
Aug 29, 2009 by Jonathan Angliss
Courtesy of a keen-eyed squirrel user, it was pointed out that SquirrelMail has a starring role in the 2008 movie 'Management'. Check it out, appears about 15 mins in. Thanks Alex for the keen eyes.
ANNOUNCE: SquirrelMail 1.4.20 Release Candidate 2 Now Available
Aug 18, 2009 by Paul Lesniewski
Hot on the coattails of 1.4.20 release candidate 1, we received some helpful feedback from our friends at Secunia Research and have followed up with another release candidate. The risk of using the 1.4.20 release candidate 1 package instead of this one is very low, but we encourage the community to help test code that we hope to release as officially stable in the near future. Those who can upgrade to release candidate 2 are encouraged to do so!
ANNOUNCE: SquirrelMail 1.4.20 Release Candidate 1 Now Available
Aug 12, 2009 by Paul Lesniewski
The SquirrelMail Team is pleased to bring you the first release candidate ahead of our next SquirrelMail version: 1.4.20RC1. Because of the somewhat invasive nature of some of the changes we have recently made, we are issuing a "release candidate" before we officially move to version 1.4.20. While we have been very careful to ensure the stability of SquirrelMail, this version, 1.4.20 release candidate 1, has undergone limited testing, and we'd like to have more feedback before we make version 1.4.20 final.
The most notable changes for this version are the addition of two security mechanisms that fight cross-site request forgeries (CSRF), the removal of some deprecated PHP functions, some minor fixes in the filters plugin, and increased user privacy. For more complete details, see the ReleaseNotes and ChangeLog files included in this release (in the doc/ directory).
Due to the security issues fixed herein, we'd like to advise all users of SquirrelMail software to upgrade. However, because this is technically a "release candidate", it may be most prudent to test your upgrade before putting it into production use. We are confident that most systems will not experience any trouble, but we'll be happy to work with you to resolve any issues that do arise. Your feedback is highly appreciated.
SECURITY: SquirrelMail Webserver Compromise Update, and Plugin Status
Jul 31, 2009 by Jonathan Angliss
We apologize for the extended downtime for the SquirrelMail plugins
repository, and some of the SquirrelMail site documentation.
Plugins Compromise
During the initial announcement, we'd mentioned that we did not
believe that any of the plugins had been compromised. Further
investigation has shown that the following plugins were indeed
compromised:
- sasql-3.2.0
- multilogin-2.4-1.2.9
- change_pass-3.0-1.4.0
Parts of these code changes attempt to send mail to an offsite
server containing passwords. We cannot establish a timeline of when
these plugins were compromised. If you are a user of these plugins,
it is strongly recommended you download a fresh copy from the
plugins repository. MD5s for the good versions are below:
a492922e5b0d2245d4e9bc255a7c5755 sasql-3.2.0.tar.gz
b143f2dc82f9e98dd43c632855255075 multilogin-2.4-1.2.9.tar.gz
2cff7c5d4f6f5d8455683bb5d96bb9fe change_pass-3.0-1.4.0.tar.gz
Plugins Availability
As of now, the plugins are available to download again. I
personally apologize for the extended outage of this, as I know some
of you have been eager to get these back up and running again. Once
again, if you notice any issues with the site, feel free to email.
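One way to carry out the check recommended in the plugin-compromise announcement above, as an added example that is not SquirrelMail project code: it compares downloaded tarballs against the three MD5 sums published there and reports each file as OK, MISMATCH or MISSING. The function names and the download-directory argument are assumptions of this example.

```python
import hashlib
import sys
from pathlib import Path

# MD5 sums published in the announcement for the known-good plugin tarballs.
PUBLISHED_MD5 = {
    "sasql-3.2.0.tar.gz": "a492922e5b0d2245d4e9bc255a7c5755",
    "multilogin-2.4-1.2.9.tar.gz": "b143f2dc82f9e98dd43c632855255075",
    "change_pass-3.0-1.4.0.tar.gz": "2cff7c5d4f6f5d8455683bb5d96bb9fe",
}


def md5_of(path, chunk_size=65536):
    """Hash a file in chunks so large tarballs are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_plugins(download_dir, expected=PUBLISHED_MD5):
    """Return {filename: status} with status OK, MISMATCH or MISSING.

    download_dir (hypothetical name) is wherever the tarballs were saved.
    """
    results = {}
    for name, want in expected.items():
        path = Path(download_dir) / name
        if not path.is_file():
            results[name] = "MISSING"
        elif md5_of(path) == want.lower():
            results[name] = "OK"
        else:
            # The copy on disk differs from the published known-good tarball.
            results[name] = "MISMATCH"
    return results


if __name__ == "__main__":
    report = check_plugins(sys.argv[1] if len(sys.argv) > 1 else ".")
    for name, status in report.items():
        print(f"{status:9} {name}")
    # Non-zero exit if anything is missing or differs, for use in scripts.
    sys.exit(0 if all(s == "OK" for s in report.values()) else 1)
```

A MISMATCH on any of the three files means the copy on disk is not the tarball the announcement lists as good and should be replaced with a fresh download.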
SECURITY: SquirrelMail Webserver Compromised
Jun 16, 2009 by Jonathan Angliss
At approximately 1700 GMT, on June 16, it was discovered that the SquirrelMail webserver had been compromised. The project administrators took immediate action to mitigate any further compromises, locking all accounts out, and resetting critical passwords.
At this time, the SquirrelMail project administrators have shut down access to the original server, and put a temporary hold on access to the plugins. It is believed that none of the plugins have been compromised, but further investigations are still being executed.
The compromise of this server does not include a compromise of the source control, which is hosted on a separate repository managed by SourceForge.
Further details will be published as soon as the details have been uncovered.
ANNOUNCE: SquirrelMail 1.4.19 Released
May 21, 2009 by Thijs Kinkhorst
The security fix to map_yp_alias in 1.4.18 turned out to be incomplete. We also experienced some regressions in the updated filter plugin. Both are addressed in this new release 1.4.19 which contains a few other small fixes as well. If you do not use map_yp_alias or the filters plugin there's no urgent need to upgrade now if you already installed 1.4.18.
You can download it here.
Plugin Updates
- Compatibility: v2.0.15 on Nov 6, 2009
- Login Manager: v3.10.2 on Nov 6, 2009
- Add Address: v1.0.2 on Nov 3, 2009
- CAPTCHA: v1.2.1 on Nov 3, 2009
- Compose Extras: v0.8 on Nov 3, 2009
- Email Footer: v0.6 on Nov 3, 2009
- Spam Buttons: v2.3.1 on Nov 3, 2009
- One-Time Password: v1.0 on Sep 8, 2009
- Avelsieve - Sieve Filters: v1.9.9 (alpha) on Jun 1, 2009
- Server Settings: v1.0 on May 20, 2009
- Server Settings Backend: v1.0 on May 20, 2009
- Spam Buttons: v2.3 on May 18, 2009