[announce] IMP 3.2.5 (final)

Jan Schneider jan at horde.org
Fri Jul 30 03:37:41 PDT 2004


The Horde Team is pleased to announce the official release of the IMP Webmail
Client version 3.2.5.

IMP is the Internet Messaging Program. IMP allows universal, Web-based access
to IMAP and POP3 servers and provides full support for sending and receiving
attachments, and many other features normally only found in desktop email
clients.

Changes in this release:
    - SECURITY: Closed an XSS hole in the HTML viewer, a variation to the one
      reported in http://www.greymagic.com/security/advisories/gm005-mc/.
      This vulnerability only exists when using the Internet Explorer to
      access IMP and only when using the inline MIME viewer for HTML messages.
    - Commented out the complete <style> tags in the HTML viewer to avoid CSS
      code appearing in the message.
    - Fixed a cosmetic issue with broken mail servers that return quotes where
      they should not (Bug #292).
    - Updated translations: Estonian, German.

Thanks to Martijn Brinkers for reporting the XSS vulnerability.

The full list of changes (from version 3.2.4) can be viewed here:

http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.389.2.106&r2=1.389.2.109&ty=h

The IMP 3.2.5 distribution is available from the following locations:

    ftp://ftp.horde.org/pub/imp/imp-3.2.5.tar.gz
    http://ftp.horde.org/pub/imp/imp-3.2.5.tar.gz

Patches against version 3.2.4 are available at:

    ftp://ftp.horde.org/pub/imp/patches/patch-imp-3.2.4-3.2.5.gz
    http://ftp.horde.org/pub/imp/patches/patch-imp-3.2.4-3.2.5.gz

Or, for quicker access, download from your nearest mirror:

    http://www.horde.org/mirrors.php

MD5 sums for the packages are as follows:

    464139cd4871b4547194cc73f79d0e38  imp-3.2.5.tar.gz
    6d088b91a32470a0e469486350943780  patch-imp-3.2.4-3.2.5.gz

Have fun!

The Horde Team.


More information about the announce mailing list