[announce] Horde Groupware 1.1.5 (final)
Jan Schneider
jan at horde.org
Tue Jan 27 17:37:00 UTC 2009
The Horde Team is pleased to announce the final release of the Horde Groupware
version 1.1.5.
This is a minor security release that fixes unescaped output in the tag cloud
search script, and validates the Horde_Image driver name to prevent a possible
local file inclusion vulnerability. All users are encouraged to
upgrade to this
release. Thanks to Gunnar Wrobel for finding these issues in a code audit.
Horde Groupware is a free, enterprise ready, browser based collaboration
suite. Users can manage and share calendars, contacts, tasks and notes
with the
standards compliant components from the Horde Project.
The major changes compared to the Horde Groupware version 1.1.4 are:
* Fixed unescaped output in the tag cloud block.
* Fixed unvalidated Horde_Image driver name.
The full list of changes (from version 1.1.4) can be viewed here:
http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.28.2.2&r2=1.28.2.5&ty=h
The Horde Groupware 1.1.5 distribution is available from the following
locations:
ftp://ftp.horde.org/pub/horde-groupware/horde-groupware-1.1.5.tar.gz
http://ftp.horde.org/pub/horde-groupware/horde-groupware-1.1.5.tar.gz
Patches against version 1.1.4 are available at:
ftp://ftp.horde.org/pub/horde-groupware/patches/patch-horde-groupware-1.1.4-1.1.5.gz
http://ftp.horde.org/pub/horde-groupware/patches/patch-horde-groupware-1.1.4-1.1.5.gz
Or, for quicker access, download from your nearest mirror:
http://www.horde.org/mirrors.php
MD5 sums for the packages are as follows:
ac7759e460e0215c2ba5165f62aa5e5c horde-groupware-1.1.5.tar.gz
8e082b246b0f9e1418733bdb38fd3c28 patch-horde-groupware-1.1.4-1.1.5.gz
Have fun!
The Horde Team.
More information about the announce
mailing list