This release fixes several reported XSS
(cross-site scripting) vulnerabilities. Languages
and character sets in OpenWebMail have now been
standardized on ISO-3066. UTF-8 character sets are
now generated during system setup for almost all
languages. Timezones can now be supported from the
system zoneinfo file. Changelogs are now generated
from SVN.
A number of security vulnerabilities have been
addressed in this release. Addressbook quick
selection is now available. Using either SentDate
and Received Date as a message timestamp is
supported. Message indexing speed was doubled. A
silent title bar "unread message count"
notification was implemented.
This release features greatly improved multiple charset
support, attachment deletion support in reading messages,
file permission modification support in Webdisk, displaying a
message with its own charset, multiple global address book
support, and URL support in file uploading. It also fixes a
problem with unexpected process death because of an
aborted piped child, huge memory usage because of
improperly handling of a disconnected POP3 server,
improperly parsing of DEFAULT_* options, and problems with
global address book corruption because of running
conversion for more than once.
This release has a new vCard compliant addressbook, charset support in calendar, speed improvements in the mail filter, and per-user spamassassin configuratin file editing support. It also fixes the following problems: the Perl $1 taintness bug in some version of Perl, the problem that some pam modules doen't check the old passwd before changing the passwd, the "application bug: perl5.8.3 has SIGCHLD set to SIG_IGN but calls wait()..." warning in the system log on Linux systems, and the "recursive call...,out of memory!" error in the httpd error log.
This release has the following changes: a new option enable_globalfilter, a learnspam icon, and better support for unofficial charsets. It also fixes the too many zombie processes problem with Perl 5.8.4 or later, the incorrect size and message count summary of folders in some cases, the improperly parsed DEFAULT options in the config file, and the incorrect import/export address book routines that didn't handle fields with comma or multiple lines.