Donations
News
About
Support
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties
|
NEWS: G/PGP Plugin Revived
Mar 21, 2010 by Paul Lesniewski
|
|
The G/PGP Encryption Plugin plugin is a crucial add-on for many SquirrelMail installations, so we were sorry to see it fall into disrepair in the recent past. However, we've now revived it and a new, working version is in testing. If you'd like to help test, ask on the squirrelmail-plugins mailing list or ask Paul directly. |
ANNOUNCE: SquirrelMail 1.4.20 Released
Mar 07, 2010 by Paul Lesniewski
|
|
The SquirrelMail Team is pleased to announce the release of SquirrelMail version 1.4.20. This release makes final the changes implemented in our last two release candidates and adds several smaller fixes and feature improvements.
Of those new fixes and improvements not included in our last release candidate, the most notable fix is that for the formerly broken search page, but we've also fixed sorting in the Sent folder, handling of complex mailto: addresses, display of multibyte subjects, quoting of encoded headers, automatic installation address detection (especially useful for lighttpd environments), a privacy issue related to DNS prefetching of email content, and added unread links in the message view and a Gmail IMAP configuration option.
For more complete details, see the ReleaseNotes and ChangeLog files included in this release (in the doc/ directory).
Due to the security fixes included in our last two release candidate packages, we advise all users of SquirrelMail versions 1.4.19 and below to upgrade.
|
NEWS: SquirrelMail appears in "Management"
Aug 29, 2009 by Jonathan Angliss
|
|
Courtesy of a keen eyed squirrel user, it was pointed out that SquirrelMail has a staring roll in the 2008 movie 'Management'. Check it out, appears about 15 mins in. Thanks Alex for the keen eyes. |
ANNOUNCE: SquirrelMail 1.4.20 Release Candidate 2 Now Available
Aug 18, 2009 by Paul Lesniewski
|
|
Hot on the coattails of 1.4.20 release candidate 1, we received some helpful feedback from our friends at Secunia Research and have followed up with another release candidate. The risk of using the 1.4.20 release candidate 1 package instead of this one is very low, but we encourage the community to help test code that we hope to release as officially stable in the
near future. Those who can upgrade to release candidate 2 are encouraged to do so! |
ANNOUNCE: SquirrelMail 1.4.20 Release Candidate 1 Now Available
Aug 12, 2009 by Paul Lesniewski
|
|
The SquirrelMail Team is pleased to bring you the first release candidate ahead of our next SquirrelMail version: 1.4.20RC1. Because of the somewhat invasive nature of some of the changes we have recently made, we are issuing a "release candidate" before we officially move to version 1.4.20. While we have been very careful to ensure the stability of SquirrelMail, this version, 1.4.20 release candidate 1, has undergone limited testing, and we'd like to have more feedback before we make version 1.4.20 final.
The most notable changes for this version are the addition of two security mechanisms that fight cross-site request forgeries (CSRF), the removal of some deprecated PHP functions, some minor fixes in the filters plugin, and increased user privacy. For more complete details, see the ReleaseNotes and ChangeLog files included in this release (in the doc/ directory).
Due to the security issues fixed herein, we'd like to advise all users of SquirrelMail software to upgrade. However, because this is technically a "release candidate", it may be most prudent to to test your upgrade before putting it into production use. We are confident that most systems will not experience any trouble, but we'll be happy to work with you to resolve any issues that do arise. Your feedback is highly appreciated. |
SECURITY: SquirrelMail Webserver Compromise Update, and Plugin Status
Jul 31, 2009 by Jonathan Angliss
|
|
We apologies for the extended downtime for the SquirrelMail plugins
repository, and some of the SquirrelMail site documentation.
Plugins Compromise
During the initial announcement, we'd mentioned that we did not
believe that any of the plugins had been compromised. Further
investigation has shown that the following plugins were indeed
compromised:
- sasql-3.2.0
- multilogin-2.4-1.2.9
- change_pass-3.0-1.4.0
Parts of these code changes attempts to send mail to an offsite
server containing passwords. We cannot establish a timeline of when
these plugins were compromised. If you are a user of these plugins,
it is strongly recommended you download a fresh copy from the
plugins repository. MD5s for the good versions are below:
a492922e5b0d2245d4e9bc255a7c5755 sasql-3.2.0.tar.gz
b143f2dc82f9e98dd43c632855255075 multilogin-2.4-1.2.9.tar.gz
2cff7c5d4f6f5d8455683bb5d96bb9fe change_pass-3.0-1.4.0.tar.gz
Plugins Availability
As of now, the plugins are available to download again. I
personally apologies for the extended outage of this, as I know some
of you have been eager to get these back up and running again. Once
again, if you notice any issues with the site, feel free to email.
|
|
Plugin Updates
Create Your Own Plugin
Vadmin
v3.0 on Mar 6, 2010
Add Header
v1.0 on Feb 22, 2010
Multilogin
v2.4.2 on Feb 15, 2010
Add Address
v1.0.3 on Feb 8, 2010
Quick Save
v2.4.5 on Feb 4, 2010
Compatibility
v2.0.16 on Feb 1, 2010
Login Check
v1.0 on Feb 1, 2010
Get UUencode
v3.2 on Jan 30, 2010
Message Flags & Icons
v1.4.20 on Dec 28, 2009
Reset User Preferences
v1.2 on Dec 28, 2009
Restrict Senders
v1.5 on Dec 28, 2009
Change Password
v3.1 on Dec 9, 2009
|
|
|
|
