[announce] IMP 3.2.5 (final)
Jan Schneider
jan at horde.org
Fri Jul 30 03:37:41 PDT 2004
The Horde Team is pleased to announce the official release of the IMP Webmail
Client version 3.2.5.
IMP is the Internet Messaging Program. IMP allows universal, Web-based access
to IMAP and POP3 servers and provides full support for sending and receiving
attachments, and many other features normally only found in desktop email
clients.
Changes in this release:
- SECURITY: Closed an XSS hole in the HTML viewer, a variation to the one
reported in http://www.greymagic.com/security/advisories/gm005-mc/.
This vulnerability only exists when using the Internet Explorer to
access IMP and only when using the inline MIME viewer for HTML messages.
- Commented out the complete <style> tags in the HTML viewer to avoid CSS
code appearing in the message.
- Fixed a cosmetic issue with broken mail servers that return quotes where
they should not (Bug #292).
- Updated translations: Estonian, German.
Thanks to Martijn Brinkers for reporting the XSS vulnerability.
The full list of changes (from version 3.2.4) can be viewed here:
http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.389.2.106&r2=1.389.2.109&ty=h
The IMP 3.2.5 distribution is available from the following locations:
ftp://ftp.horde.org/pub/imp/imp-3.2.5.tar.gz
http://ftp.horde.org/pub/imp/imp-3.2.5.tar.gz
Patches against version 3.2.4 are available at:
ftp://ftp.horde.org/pub/imp/patches/patch-imp-3.2.4-3.2.5.gz
http://ftp.horde.org/pub/imp/patches/patch-imp-3.2.4-3.2.5.gz
Or, for quicker access, download from your nearest mirror:
http://www.horde.org/mirrors.php
MD5 sums for the packages are as follows:
464139cd4871b4547194cc73f79d0e38 imp-3.2.5.tar.gz
6d088b91a32470a0e469486350943780 patch-imp-3.2.4-3.2.5.gz
Have fun!
The Horde Team.
More information about the announce
mailing list