Thunderbird 68.5.0 out with new features and security updates
MZLA Technologies Corporation has released Thunderbird 68.5.0; this is the first release of Thunderbird under the newly founded parent company that is a wholly owned subsidiary of Mozilla Foundation.
Thunderbird 68.5.0 is already available via the email client's built-in updating system but also as a direct download on the project's official website Thunderbird.net.
Thunderbird users may select Help > About Thunderbird to run a check for updates from within the client. The new version should be picked up, downloaded and installed automatically at that point. A restart is required to complete the process.
Thunderbird 60.x installations are not automatically upgraded to the new version unless the calendar add-on Lightning is installed.
The long-standing issue when upgrading from Thunderbird 60.x to 68.x has not been fixed yet. Installed extensions are not updated automatically during the upgrade process; this may be necessary for compatibility purposes and some add-ons may be disabled as a consequence. The integrated update check for add-ons will check for new versions of installed extensions after the upgrade however.
The new version of the email client comes with two new features:
- Support for OAuth 2.0 authentication for POP3 accounts.
- Support for Client Identity IMAP/SMTP Service Extension
Both extend compatibility and are welcome additions to the email program's list of supported features.
The official release notes list four non-security fixes (three of which fix Calendar issues):
- Calendar: fixed option to remove color from for default categories.
- Calendar: fixed an issue that caused the calendar component to load multiple times.
- Calendar: fixed a bug that caused the Today pane's width not to be preserved across sessions.
- Fixed a status area bug that made it go blank during account setup.
Additionally, Thunderbird 68.5.0 includes several security updates. The list of fixed security issues reveals high, moderate and low issues that the team fixed in the new release.
Now You: Do you use Thunderbird? What's your take on recent versions and developments?
Will be a damned shame when it’s sold off to Avast.
Hopefully Avast will be shut down, but I doubt it. Whenever someone is making a lot of money from mass exploitation governments support it, whether it is legal or not. Who knows if Avast is part of the Five Eyes crime syndicate or not, it very well could be because McAfee and other AV companies are.
My biggest criticism would be that it, like Firefox (Pocket garbage), it comes with bloatware, like a calendar and chat. As with Firefox, it’s possible to disable these things.
In general, I am pleased with Thunderbird for similar reasons why I use Firefox. I like the UI which allows me to quickly access/do whatever I want, the ability to install extensions (like one to actually encrypt your mails) and that you can edit a lot of settings.
It has never failed me, but I don’t say that better software doesn’t exist. I just have no reason to consider switching.
> My biggest criticism would be that it, like Firefox (Pocket garbage), it comes with bloatware, like a calendar and chat. As with Firefox, itâ€™s possible to disable these things.
That’s not comparable. Calendar and chat are bloatware only in the sense that they are not core functions of a mail client, but they were added with only the interests of the users in mind and are not a nuisance in any way, I don’t even think that they should stop bundling them (even if the chat component is maybe a little outdated).
Pocket, on the other hand, is not only not core function of a web browser, but much worse than that, it’s *for-profit paid personalized ads* on your default homepage, aggravated by being *news ads*. And it is also an incitement from Mozilla to make an account to the privacy invasive Pocket service, not in your interest, but for them to make dirty bucks.
It’s important to distinguish what is simply not to one’s taste and what is a definite aggression against the users as a whole.
And there is more: if Google does something like Pocket integration, everybody just says well it’s Google, they’re evil we already know that, nothing new here. Mozilla has an extra responsibility when bundling adware because they are the ones people mistakenly think are on their side, so when they do it, people start thinking, adware itself is not evil. The more time passes, the more I think that this kind of things is the main mission that Google has affected to their pet company Mozilla, making people see as acceptable what everybody would have considered as evil if they had done it themselves.
Oh no, how dare Mozilla give you a damned good browser and mail client for free, and have the temerity to try to cover it’s costs somehow – those bastards. Just wait ’till Twitter finds out… Cancelled.
>Firefox (Pocket garbage)
well, you don’t spread the garbage away, you keep it all in one single package :^)
One thing that still does not work in Calendar is the support for saving user name and password for CalDAV accounts. Password has to be entered at each startup.
The only workaround is to specify username & password in the CalDAV URL:
This is obviously is not safe as the credentials are visible in plain text and not stored in the password manager.
i tried Thunderbird about 3 years ago and the deal breaker was that i couldnt import my outlook pst file. any idea if that has been addressed
Given that Microsoft relies upon its insular, proprietary pst file format it’s just not possible for Thunderbird to import it directly. You should however be able to transfer all your Outlook data over as long as you have both applications on the same computer. Thunderbird can then import your account and user data from Outlook itself, just not that vendor-locked pst file.
Here’s a more detailed guide:
Only thing that frustrates the heck out of me is that each update reenables the Lightning extension. I keep disabling it, they keep turning the thing back on. I have my reasons for not wanting to remove the extension, likewise for not wanting to have it running in the background.
>Support for OAuth 2.0 authentication for POP3 accounts.
>Support for Client Identity IMAP/SMTP Service Extension
>Both extend compatibility and are welcome additions to the email >program’s list of supported features.
Like lots of things Mozilla is in charge of, the “welcome additions” are not obviously welcome for us, but certainly welcome for Google. OAuth in Thunderbird is Google nefariously taking over the email protocols:
“Log in to Gmail (IMAP/SMTP) using OAuth in backend”
“There are bigger ramifications here. For me, one of the primary purposes of Thunderbird is to keep email an open and viable communication method, and to preserve open standards that can be implemented by anyone. In other words, one of the purposes of Thunderbird is to allow for other clients as well, on all kinds of platforms, for all kinds of usecases, not all of which are interactive (see e.g. Android app “SMS Backup+”).
By supporting OAuth in Thunderbird, we make it more likely that Google will make such obnoxious auth methods mandatory at some point in the future.
While it may be possible for Thunderbird to open a web browser window, it is not possible for other clients. Any email client would have to have a web browser, which I personally find ridiculous and dangerous.
More generally, right now, ISPs are limited to what the IMAP standard allows, and to the specific purpose of email. If we open a browser window and make auth dependent on that, it means that we hand control entirely over to Google. Google can do in that window whatever they want, and make completely arbitrary demands on IMAP users. Currently, IMAP sets the rules. This would be over.
So, I consider this to be a very dangerous move for the freedom of email.”
“Embrace, extend, and extinguish” is a phrase that the U.S. Department of Justice found was used internally by Microsoft to describe its strategy for entering product categories involving widely used standards, extending those standards with proprietary capabilities, and then using those differences to disadvantage its competitors.
That’s precisely what’s happening here. Google’s strategy is to bring everything to the web, and everything on their services and servers. Including email.
1. “entering product categories involving widely used standards” — email, using gmail
2. “extending those standards with proprietary capabilities” — OAuth for IMAP, this is happening right now
3. “using those differences to disadvantage its competitors” — because soon you won’t be able to use an email client without a web browser, which is a huge disadvantage for most situations where IMAP/SMTP is used. So why not use GMail web frontend straight? Email dead.
I don’t care what rationale they use. Steps 2 and 3 are dangerous.
(And forcing me to enter a working phone number – and *any* number -, just to access my own account, doesn’t count as “security” for me, but as privacy violation.)
Google knows they can’t just cut off Thunderbird. The blog post didn’t say they will, it’s vaguely phrased. This is power play, and they are testing waters. But if they go ahead with this and require OAuth or otherwise make using Thunderbird hard, we need to jump up and down in the press and cry “foul”. I’m not giving in.”
I have used Thunderbird for years, but have started to use it heavily in the last few months. It works for what I need, to sync up with my email, tasks, calendar events, and contacts. Not to mention weather I am on Windows 10, KDE Plasma desktop, or GNOME it looks the same and has everything in the same place.
@Mo: how does that affect the weather?
Anyone but nutjobs ignore such typos.
@TwoPence: anyone but those lacking a sense of humour cannot see the playfulness of my comment. Never mind, il en faut de tout pour faire un monde, as the French say.
And when you press ESC in the startup password prompt (if set), you have access to all already downloaded mail, right? Password protection in Thunderbird is laughable.
That’s crazy !! But I think passwd protection (master psswd) is to keep your psswds accounts safe, not to prevent sbdy to read your mails.
Uh, that’s because you set it that way…
Feel free to reenter pwds every time TBird starts.
@Damien: like Anon I was also under the impression the master password prevents unauthorised access to your emails too.
@Klaas Vaak, yes, it would be logical. Though I am sure there is an addon for that.
Waterfox has been sold, please report about it in depth:
It went to shit.