mailing list archives
[SM-ANNOUNCE] SquirrelMail 1.4.5 Released
From: Jonathan Angliss <jon () squirrelmail org>
Date: Wed, 13 Jul 2005 14:12:31 -0500
-----BEGIN PGP SIGNED MESSAGE-----
It is my proud pleasure to announce the final release of SquirrelMail
This release is very important, and we strongly advise everybody to
update to the latest release.
This version contains a number of security updates that were brought
to our attention via a number of sources.
Several cross site scripting exploits were uncovered by Martijn
Brinkers and have been assigned the CAN-2005-1769.
Another vulnerability was uncovered by James Bercegay, from GulfTech
Security Research, which would allow a user to craft a special page
that might permit them to overwrite other user settings. This has
been assigned the ID CAN-2005-2095.
Further details on SquirrelMail vulnerabilities can be found at the
We strongly encourage any persons uncovering Security issues to
contact the SquirrelMail team via security () squirrelmail org
In This Release
This release contains mostly bug fixes, including corrections for PHP
behaviour changes in file handling, and some data types. We've also
added support for the SquirrelSpell plugin under safe_mode if using
PHP 4.3.0 or higher. Other changes include support for Priority
headers, new Tahoma style sheets, and fixes in saving of searches.
For further information about the changes involved in this release,
please see the ChangeLog and ReleaseNotes files included with the
The latest release can be downloaded from the SquirrelMail website at
The SquirrelMail development Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
-----END PGP SIGNATURE-----
- [SM-ANNOUNCE] SquirrelMail 1.4.5 Released Jonathan Angliss (Jul 13)