A new version of the open source Thunderbird email client is now available. Thunderbird 91.8.0 includes security updates and makes an important change to Google Mail account authentications
The new version of Thunderbird is already in distribution. It should be installed automatically on most systems in the coming days and weeks. Thunderbird users who want to speed up the process may select Help > About Thunderbird to run a manual check for updates. The update should be picked up by the email client at that point and it will be installed immediately.
The biggest change in the point release changes the authentication method for Google mail accounts. It is an automatic conversion that should work without issues for most users. The conversion to oAuth 2.0 is required as Google plans to drop username and password authentication options for third-party apps and devices on May 30, 2022.
The change improves account security according to Google as it gives users more control over third-party application and site access.
Thunderbird users who have disabled cookies in the email client will notice that the new authentication method does not work without them. It is required to enable cookies as the OAuth token requires it. Cookies may be disabled after the successful authentication, but since cookies will expire eventually, it would be necessary to re-enable them whenever a new cookie needs to be set.
You may check the cookies setting in Thunderbird in the following way:
- Select Tools > Preferences. If you don’t see the menu, tap on the Alt-key to display it.
- Select Privacy & Security from the sidebar.
- The setting “Accept cookies from sites” determines if cookies are allowed in Thunderbird. Check the box to enable cookies if it is not checked.
You may want to disable accepting third-party cookies while you are at it. There is also a “show cookies” button that lists all stored cookies. You may remove some of them using the interface.
Other changes in Thunderbird 91.8.0
Thunderbird 91.8.0 includes security fixes. These have not been published publicly yet. You may check the security advisory website of the Thunderbird project later to find out about them. This article will be updated once the information becomes publicly available.
The remaining changes are bug fixes:
- Multiple public PGP keys can now be exported.
- Fixed importing OpenPGP ECC keys importing into GnuPG.
- Fixed opening mid: URLs on Mac OS.
- Replying to a newsgroup message displayed a “No-Reply” popup warnings erroenously.
- Old format address books were loaded as SQLite files, which caused a crash.
- Replicated LDAP directories were lost when Thunderbird was set to run in Offline mode.
- Webcals importing failed from the command line if the file type of the URI ended with .ics.
You can check out the full release notes here.