Note: this is a review of some of the more interesting features in this release. For a complete list of changes please be sure to read the UPDATING file.
Autocrypt provides easy to use, passive protection against data collection. It exchanges keys via email headers, and though doesn't protect against active adversaries, is still an easy way to minimize clear-text emails sent between common correspondants without having to explicitly exchange keys or deal with the details of OpenPGP.
Before enabling autocrypt in Mutt, please take the time to read the autocrypt section in the manual. By default, Mutt generates a new ECC key, and stores keys in a separate keyring. It's important to understand how it works and what's going on behind the scenes.
When enabled, a new line will appear in the compose menu, containing the autocrypt status, and output of the recommendation engine:
If the recommendation engine returns "Yes" and normal encryption/signing is off, autocrypt will automatically be enabled, as seen above. It's important to note that anything enabling normal encryption or signing will override autocrypt encryption. You can still see the status of the recommendation engine, but it won't automatically turn on autocrypt if normal encryption/signing is enabled:
Autocrypt can be manually enabled, disabled, or reset to automatic mode via the <autocrypt-menu> function, by default bound to "o":
$browser_sticky_cursor, set by default, tries to keep the cursor on the same mailbox across various operations (such as changing to a parent folder, modifying the mask, and creating directories).
It also tries to place the cursor on the currently open mailbox when opening the browser. A new function to browse mailboxes <browse-mailboxes> was added, and is bound by default to "y". This should replace any macros such as "<change-folder>?<toggle-mailboxes>", as it ensures the current mailbox is selected. (The macro suffers from a problem if the initial directory listing doesn't contain the currently open mailbox.)
This release provides a way to generate a single multipart/alternative part via an external filter script. $send_multipart_alternative is a quadoption enabling the filter, and the filter itself is specified via $send_multipart_alternative_filter. It may also be useful to set these variables via send or reply hooks, to control when and how alternatives are used.
The composed part (usually text/plain) will be piped into the filter. The output of the filter should be the generated mime type (e.g. "text/html"), a blank line, and the generated output. Note that the filter isn't allowed to generate a multipart type itself (due to current technical limitations).
The output of the filter can be previewed in the compose menu via the functions <view-alt>, <view-alt-text> and <view-alt-mailcap>, bound to "v", "Esc v" and "V" by default.
A sample filter has been included in contrib/markdown2html.
The $sidebar_folder_indent and $sidebar_short_path options have been changed to operate based on the preceding entries displayed in the sidebar. Indentation will be one more than the most recent greatest common path mailbox, and will be shortened based on that too.
Additionally, mailboxes are now prefixed with "~" or "=" in the same manner as other places in Mutt (such as the status bar, or in the browser menu).
$write_bcc has been changed to default unset. Several MTAs do not strip Bcc headers, making it dangerous to have this set by default. Sorry everyone, had I been aware of this issue before, I would have changed this earlier.
In order for your Fcc'ed copy to be accurate, I've disabled the option's effect on the Fcc'ed message. That will always have the Bcc header; only the sent message will be affected by $write_bcc.
"--with-regex" has been renamed to "--with-bundled-regex". The previous name incorrectly implied it was necessary for regex support. Almost all modern systems contain a suitable regex library, but if not the bundled regex can be used as a backup.
Additionally commit 367b1135 fixed undefined left-shift on negative value behavior in the bundled regex.c library, in case anyone was losing sleep over that. ;-)
$ssl_force_tls now defaults set. If you are connecting to a local server over clear text, be aware that you will need to unset it.
$ssl_use_tlsv1_3 was also added, default set.
In response to repeated requests by the security minded, $user_agent is default unset. However, for those who wish to show their Mutt Love, you can still enable this yourself.
The unattachments command now accepts "*" to remove all attachment counting entries.
Also, $count_alternatives has been added to scan inside multipart/alternatives for matching attachments. Traditionally attachments are not supposed to be there, but some crazy mail clients decide to put them in one of the alternatives. Set this to find and count those too.
$size_show_bytes, $size_show_mb, $size_show_fractions, and $size_units_on_left have been added to control how bytes are displayed in various format string expandos. See Bytes size display in the manual for more details.
Only the most observant will have noticed, but format=flowed space stuffing has been accidentally disabled in Mutt for several years. Commit 4959e8d4 reenabled this. It also changed Mutt to automatically unstuff/stuff around every message editing operation, as opposed to only after the first edit.
A lot of internal improvements happened during this development cycle too: