From 0b7e26c1bf6bc7a684eb3a214d92d3927306cd8a Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Mon, 16 May 2016 02:56:42 -0400
Subject: [PATCH] Update changelog

---
 INSTALL |   87 +++++++++++++++++++++++++++++++------------
 1 files changed, 62 insertions(+), 25 deletions(-)

diff --git a/INSTALL b/INSTALL
index 0e8ae08..9b5af88 100644
--- a/INSTALL
+++ b/INSTALL
@@ -11,56 +11,66 @@
 
 * The Apache, Lighttpd, Cherokee or Hiawatha web server
 * .htaccess support allowing overrides for DirectoryIndex
-* PHP Version 5.2.1 or greater including
-   - PCRE, DOM, JSON, XML, Session, Sockets (required)
-   - PHP Data Objects (PDO) with driver for either MySQL, PostgreSQL or SQLite (required)
-     Note: MySQL database driver requires PHP 5.3 or newer.
-   - Libiconv, Zip (recommended)
-   - Fileinfo, Mcrypt, mbstring (optional)
+* PHP Version 5.3.7 or greater including:
+   - PCRE, DOM, JSON, Session, Sockets, OpenSSL, Mbstring (required)
+   - PHP PDO with driver for either MySQL, PostgreSQL, SQL Server, Oracle or SQLite (required)
+   - Libiconv, Zip, Fileinfo, Intl, Exif (recommended)
+   - LDAP for LDAP addressbook support (optional)
 * PEAR packages distributed with Roundcube or external:
-   - Mail_Mime 1.8.1 or newer
-   - Mail_mimeDecode 1.5.5 or newer
-   - Net_SMTP (latest from https://github.com/pear/Net_SMTP/)
+   - Mail_Mime 1.10.0 or newer
+   - Net_SMTP 1.7.1 or newer
+   - Net_Socket 1.0.12 or newer
    - Net_IDNA2 0.1.1 or newer
    - Auth_SASL 1.0.6 or newer
+   - Net_Sieve 1.3.2 or newer (for managesieve plugin)
+   - Crypt_GPG 1.4.1 or newer (for enigma plugin)
 * php.ini options (see .htaccess file):
    - error_reporting E_ALL & ~E_NOTICE (or lower)
    - memory_limit > 16MB (increase as suitable to support large attachments)
    - file_uploads enabled (for attachment upload features)
    - session.auto_start disabled
-   - zend.ze1_compatibility_mode disabled
    - suhosin.session.encrypt disabled
    - mbstring.func_overload disabled
    - magic_quotes_runtime disabled
    - magic_quotes_sybase disabled
-* PHP compiled with OpenSSL to connect to IMAPS and to use the spell checker
-* A MySQL (4.0.8 or newer), PostgreSQL, MS SQL Server (2005 or newer) database engine
-  or SQLite support in PHP
+   - register_globals disabled (PHP < 5.4)
+* A MySQL (4.0.8 or newer), PostgreSQL, MS SQL Server (2005 or newer), Oracle
+  database or SQLite support in PHP
 * One of the above databases with permission to create tables
 * An SMTP server (recommended) or PHP configured for mail delivery
+* Composer installed either locally or globally (https://getcomposer.org)
 
 
 INSTALLATION
 ============
 
 1. Decompress and put this folder somewhere inside your document root
-2. Make sure that the following directories (and the files within)
+2. Install dependencies using composer:
+   - get composer from https://getcomposer.org/download/
+   - rename the composer.json-dist file into composer.json
+   - if you want to use LDAP address books, enable the LDAP libraries in your
+     composer.json file by moving the items from "suggest" to the "require"
+     section (remove the explanation texts after the version!).
+   - run `php composer.phar install --no-dev`
+3. Make sure that the following directories (and the files within)
    are writable by the webserver
    - /temp
    - /logs
-3. Create a new database and a database user for Roundcube (see DATABASE SETUP)
-4. Point your browser to http://url-to-roundcube/installer/
-5. Follow the instructions of the install script (or see MANUAL CONFIGURATION)
-6. After creating and testing the configuration, remove the installer directory
-7. Check Known Issues section of this file
-8. Done!
+4. Create a new database and a database user for Roundcube (see DATABASE SETUP)
+5. Point your browser to http://url-to-roundcube/installer/
+6. Follow the instructions of the install script (or see MANUAL CONFIGURATION)
+7. After creating and testing the configuration, remove the installer directory
+8. Check Known Issues section of this file
 
 
 CONFIGURATION HINTS
 ===================
 
+IMPORTANT! Read all comments in defaults.inc.php, understand them
+and configure your installation to be not surprised by default behaviour.
+
 Roundcube writes internal errors to the 'errors' log file located in the logs
-directory which can be configured in config/main.inc.php. If you want ordinary
+directory which can be configured in config/config.inc.php. If you want ordinary
 PHP errors to be logged there as well, enable the 'php_value error_log' line
 in the .htaccess file and set the path to the log file accordingly.
 
@@ -74,6 +84,7 @@
 ==============
 
 Note: Database for Roundcube must use UTF-8 character set.
+Note: See defaults.inc.php file for examples of DSN configuration.
 
 * MySQL
 -------
@@ -132,16 +143,42 @@
 MANUAL CONFIGURATION
 ====================
 
-First of all, rename the files config/*.inc.php.dist to config/*.inc.php.
-You can then change these files according to your environment and your needs.
-Details about the config parameters can be found in the config files.
-See http://trac.roundcube.net/wiki/Howto_Install for even more guidance.
+First of all, copy the sample configuration file config/config.inc.php.sample
+to config/config.inc.php and make the necessary adjustments according to your
+environment and your needs. More configuration options can be copied from the
+config/defaults.inc.php file into your local config.inc.php file as needed.
+Read the comments above the individual configuration options to find out what
+they do or read http://trac.roundcube.net/wiki/Howto_Install for even more
+guidance.
 
 You can also modify the default .htaccess file. This is necessary to
 increase the allowed size of file attachments, for example:
 	php_value       upload_max_filesize     2M
 
 
+SECURE YOUR INSTALLATION
+========================
+
+Access through the webserver to the following directories should be denied:
+
+  /config
+  /temp
+  /logs
+
+Roundcube uses .htaccess files to protect these directories, so be sure to
+allow override of the Limit directives to get them taken into account. The
+package also ships a .htaccess file in the root directory which defines some
+rewrite rules. In order to properly secure your installation, please enable
+mod_rewrite for Apache webserver and double check access to the above listed
+directories and their contents is denied.
+
+NOTE: In Apache 2.4, support for .htaccess files has been disabled by
+default. Therefore you first need to enable this in your Apache main or
+virtual host config by with:
+
+ AllowOverride all
+
+
 UPGRADING
 =========
 

--
Gitblit v1.9.1