[announce] Horde 3.0.1 (final)

Jan Schneider jan at horde.org
Tue Jan 4 10:01:09 PST 2005


The Horde Team is pleased to announce the final release of the Horde
Application Framework version 3.0.1.

The Horde Application Framework is a modular, general-purpose web application
framework written in PHP.  It provides an extensive array of classes that are
targeted at the common problems and tasks involved in developing modern web
applications.

Major new changes in this release:
    * Closed two XSS vulnerabilities.
    * Fixed folder views in IMP on some IMAP servers.
    * Fixed doubled application menus.
    * Fixed deletion of identities.
    * Worked around problems if no DataTree driver had been specified.
    * Minor bug and layout fixes.

The XSS vulnerabilities can be exposed by making an authenticated user click
on a specially crafted URL and allows to execute JavaScript code in the
context of Horde. The security threat is considered low.
Thanks to Robert Fly for pointing out these issues.

The full list of changes (from version 3.0) can be viewed here:

http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515&r2=1.515.2.16&ty=h

The Horde 3.0.1 distribution is available from the following locations:

    ftp://ftp.horde.org/pub/horde/horde-3.0.1.tar.gz
    http://ftp.horde.org/pub/horde/horde-3.0.1.tar.gz

Patches against version 3.0 are available at:

    ftp://ftp.horde.org/pub/horde/patches/patch-horde-3.0-3.0.1.gz
    http://ftp.horde.org/pub/horde/patches/patch-horde-3.0-3.0.1.gz

Or, for quicker access, download from your nearest mirror:

    http://www.horde.org/mirrors.php

MD5 sums for the packages are as follows:

    5c0dbab26a64b5e58d4cbb1724e472e0  horde-3.0.1.tar.gz
    07991c01293d9accc47de1d8242f4470  patch-horde-3.0-3.0.1.gz

Have fun!

The Horde Team.


More information about the announce mailing list