Release notes Kolab2 Server
(Version 20070205, Kolab Server 2.1 rc 1)

This is a development snapshot of the kolab server leading up to a 2.1
release.  For upgrading and installation instructions, please refer to
the 1st.README file in the source directory.

These topics need testing in 2.1 rc 1:

 - Upgrades from Kolab server 2.0, see 1st.README and UPGRADING.20-21.
 - Changed imapd database format for annotations.db and mailboxes.db
 - New free/busy code
 - Duplicate suppression is disabled, see kolab/issue1532


Differences between Kolab 2.0.x and 2.1:

    - Simple multi-domain support

      The Kolab server can now accept mail for multiple email domains.
      There is also a new class of maintainers which are only allowed to
      manage settings for a subset of the mail domains of the kolab
      server.

    - Hashed IMAP spool

      The default imapd configuration has been changed to enable the
      hashimapspool option.  This means that in 2.1 the default directory
      layout of the imapd spool (/kolab/var/imapd/spool/) is different from
      the one in 2.0. When you upgrade from 2.0 it's best to keep using the
      old structure, so remove or comment out the corresponding line in
      /kolab/etc/kolab/templates/imapd.conf.template *before* running
      kolabconf. For new installations the new default setting is recommended
      because it's more efficient especially when you have many mailboxes.
      For details see kolab/issue1089.


Changes since 2.1 beta 4:

    - kolabd-2.0.99-20070205

	kolab/issue1335 (pfbcache.db locking problems)
	kolab/issue1507 (Public viewable phpinfo() and more in Server default installation)
	kolab/issue1550 (Masquerade problem, corrected template)
	kolab/issue1563 (freebusy.conf template doesn't match freebusy.conf from package)
	kolab/issue1575 (Openldap enhanced data integrity)

    - kolab-webadmin-2.0.99-20070205

	Disabled Spanish language selection from web admin interface, because
	of missing translation.

	kolab/issue1479 ("Type" of shared folder can only be modified in 2nd try)
	kolab/issue1486 ("About Kolab" in Webinterface needs work over)
	kolab/issue1539 (extension to the opening text, when the manager logs in for the 1st time)
	kolab/issue1559 (Domain Maintainer cannot delete "his" users)
	kolab/issue1586 ("Required field" not translated to German in web admin)
	kolab/issue1592 (LANGUAGE variable overrides web admin language selection)


Changes since 2.1 beta 3:

    - clamav-0.88.7-20061211

	bypass virus detection (CVE-2006-6406),
	denial of service, remotely exploitable (CVE-2006-6481)
	(http://kolab.org/security/kolab-vendor-notice-14.txt)

    - kolabd-2.0.99-20070117

	Updated proftpd.conf template: LDAPHomedirOnDemand(Prefix) is
	now named LDAPGenerateHomedir(Prefix).

	Set imapidlepoll to 5 seconds in imapd.conf.template.in.

	kolab/issue1433 (Some files in /kolab/etc/postfix have wrong ownership)
	kolab/issue1484 (Warnings using openldap = 2.3.27-2.20061018_kolab)
	kolab/issue1487 (amavisd.conf mynetworks incomplete)
	kolab/issue1531 (amavisd.conf local_domains only contains primary domain)
	kolab/issue1532 (Set "duplicatesuppression: 0" in imapd.conf.template?)

    - kolab-horde-fbview-2.0.99-20070112

	Improvements to the week view (part of kolab/issue666)

	Removed dangerous php scripts (part of kolab/issue1507)

    - kolab-resource-handlers-2.0.99-20070117

	kolab/issue1490 (freebusy cache written to /kolab/kolab/...)
	kolab/issue1512 (No FB information for resource accounts)
	kolab/issue1558 (kolab-webadmin and php 5.2.0)

    - kolab-webadmin-2.0.99-20070117

	kolab/issue1013 (user passwords sha1 encoded without salt)
	kolab/issue1262 (Setting quota to 4096+ MB breaks message delivery)
	kolab/issue1418 (fields visible even when attribute_access is "hidden" in session_vars.php)
	kolab/issue1540 (Typo on kolab/admin/service page)
	kolab/issue1555 (Login screen shows error msg for no good reason)

    - openldap-2.3.29-2.20061110_kolab

	New upstream version, fixes CVE-2006-5779 (Bugtraq ID 20939)

    - perl-kolab-5.8.7-20070117

	Only print warning about missing configuration variable if relevant.

	kolab/issue1550 (Masquerade problem)


Changes since 2.1 beta 2:

    - openpkg-2.5.4-2.5.4

	New upstream version.

    - apache-1.3.33-2.5.6

	denial of service and possibly arbitrary code execution via crafted
	URLs that are not properly handled using certain rewrite rules.
	http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.015-apache.html

    - gzip-1.3.5-2.5.1

	denial of service, arbitrary code execution
	http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.020-gzip.html

    - curl-7.15.0-2.5.2

	buffer overflow
	http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.012-curl.html

    - openssl-0.9.8a-2.5.4

	denial of service, may allow execution of arbitrary code
	(http://kolab.org/security/kolab-vendor-notice-12.txt)

    - clamav-0.88.5-2.20061018

	buffer overflow, remotely exploitable (CVE-2006-4018)
	(http://kolab.org/security/kolab-vendor-notice-10.txt)

	heap overflow, remotely exploitable (CVE-2006-4182),
	denial of service, remotely exploitable (CVE-2006-5295)
	(http://kolab.org/security/kolab-vendor-notice-13.txt)

    - file-4.15-2.5.0_kolab

	kolab/issue1458 (Password protected .sxw files can be banned by
	                 amavisd, as a result of the file command)

    - openldap-2.3.27-2.20061018_kolab

	New upstream version, fixes CVE-2006-4600 (Bugtraq ID 19832)
	and other problems.

	kolab/issue1229 (Master openldap's slurpd fails to start after
	                 adding slave)
	kolab/issue1431 (Slave cannot access master ldap server via SSL)

    - imapd-2.2.12-2.5.0_kolab2

	Fix folder structure for foldernames with non-alphanumeric characters,
	when using skiplist as the database backend for mailboxes.db.

    - perl-kolab-5.8.7-20061110

	kolab/issue1194 (serious performance problem on high number of users)

    - kolabd-2.0.99-20061110

	Added missing relay service for postfix.

	Changed main.cf masquerading defaults so email to
	user@machine.example.org is actually delivered.

	Use mailbox_transport instead of local_transport for
	kolabmailboxfilter to work around issue825.

	Removed doubled attribute cyrus-autocreatequota.

	Added indexes for delegate and delete.

	Updated freebusy.conf template for freebusy IMAP caching.

	Changed imapd.conf template to use berkeley db instead of
	skiplist for annotations.db and mailboxes.db as a workaround
	for kolab/issue840 (Annotations needs to be more robust).

	kolab/issue824  (kolabmailboxfilter run once for each recipient)
	kolab/issue1264 (Add support for sieve based notifications)
	kolab/issue1273 (Sending as delegate broken in Kolab server 2.1)
	kolab/issue1428 (Fixed locking issue)
	kolab/issue1433 (Some files in /kolab/etc/postfix have wrong ownership)

    - kolab-webadmin-2.0.99-20061110

	Fixes for setting folder type of shared folders.

	Guard against large number of users.

	kolab/issue1457 (updated French translation)

    - kolab-resource-handlers-2.0.99-20061110

	Improvements and fixes for freebusy IMAP caching.

	kolab/issue815  (invitation replies vanish in resmgr)
	kolab/issue957  (All-day events from Outlook don't show up in freebusy)
	kolab/issue974  (Localize the text for rewritten From: headers)
	kolab/issue1042 (empty lines at the end of mails delivered via LMTP)
	kolab/issue1352 (resmgr can create wrong range dates)
	kolab/issue1387 (resmgr replies to replies creating mail loop)
	kolab/issue1422 (Dummy freebusy info)


Changes since 2.1 beta 1:

    OpenPKG updates:

      openpkg-2.5.2-2.5.2
      openpkg-registry-0.2.7-20060223
      libxslt-1.1.15-2.5.1
      php-smarty-2.6.10-20051003
      clamav-0.88.2-20060524

      binutils-2.16.1-2.5.1
	http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.009-binutils.html

      openldap-2.3.11-2.5.1
	http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.008-openldap.html


    Kolab updates:

      More distconf changes by Richard Bos and Markus Hüwe.

      - perl-kolab-5.8.7-20060619

	Resolved:
	    Issue1194 (kolabd quota performance)
	    Issue1220 (postfix permissions)
	    issue1237 (Handling of @@@var@@@ in Conf.pm (Gunnar Wrobel))

      - kolabd-2.0.99-20060619

	* The default imapd configuration has been changed to enable the
	  hashimapspool option.  This affects the upgrade procedure.
	  See 1st.README for upgrade instructions.

	* amavis now logs to /kolab/var/amavisd/amavisd.log.  This is
	  part of the fix for Issue1015

	Resolved:
	    Issue1015 (fixing logging and logrotate for amavisd)
	    Issue1089 (enable hashimapspool for imapd to cope with many users)
	    Issue1101 (allowapop: no; disable apop access to imapd by default)
	    Issue1105 (fix compilation of kolabd on FreeBSD)
	    Issue1257 (wrong attribute name for imap quota)

      - kolab-webadmin-2.0.99-20060619

	* patch from Tobias König in order to support setting of
	  foldertype for public folders

	Resolved:
	    Issue848 (Modifying address book entry may break distribution list)
	    Issue1106 (email validation in webgui)
	    Issue1214 (number of days for vacation messages on webinterface)
	    Issue1263 (Bug in the shared folders folder-type code) [Wrobel]

      - kolab-resource-handlers-2.0.99-20060619

	* create empty pfbcache.db if missing

	Resolved:
	    Issue973 (quoting and rewriting From header)
	    Issue966 (Wrong CN for resource accounts)
	    Issue1042 (server modifies email content)
	    Issue1195 (error message in bounce)
	    Issue1243 (rewriting fails when "From:" contains quoted printable)
	    Issue1245 (rewriting problems on folded Header "From:"-line)


$Id: release-notes.txt,v 1.82 2007/02/05 16:44:48 thomas Exp $