This release contains a large number of performance enhancements, stability fixes, and a few bug/security fixes. The most important thing to note when upgrading to version 1.4.22 is that due to a fix for the folder list display, administrators who had their configuration file set to work around this issue previously will need to update their configuration. This release also addresses several security issues, including some harsh but hard to exploit XSS bugs, a general clickjacking vulnerability, and a small problem with message sanitizing.
This is primarily a maintenance release which addresses a smattering of small issues and adds some fine-tuning of recent changes. It also closes two relatively low-risk security issues.
This release makes final the changes implemented in the last two release candidates and adds several smaller fixes and feature improvements. The formerly broken search page was fixed. Sorting is done in the Sent folder. Complex mailto: addresses can be handled. Multibyte subjects can be displayed. Encoded headers can be quoted. Installation address is automatically detected (which is especially useful for lighttpd environments). A privacy issue related to DNS prefetching of email content was fixed. Unread links were added in the message view. A Gmail IMAP configuration option was added.
This release addresses a security hole, removes the use of some deprecated PHP functions, fixes a problem in the filters plugin, and addresses some privacy issues. Because of the somewhat invasive nature of the changes required for the security and deprecation issues addressed herein, this "release candidate" is being released before officially moving to version 1.4.20. This version has undergone limited testing.
