[announce] Horde 3.0.12 (final)

Jan Schneider jan at horde.org
Thu Aug 17 06:14:17 PDT 2006


The Horde Team is pleased to announce the final release of the Horde
Application Framework version 3.0.12.

This is a security release that fixes a cross site scripting vulnerability and
improves protection against phishing attempts.

Many thanks to the "immerda project group" (http://www.immmerda.ch) and Marc
Ruef for reporting these problems and working with us to test the fixes.

The Horde Application Framework is a modular, general-purpose web application
framework written in PHP.  It provides an extensive array of classes that are
targeted at the common problems and tasks involved in developing modern web
applications.

Changes compared to Horde 3.0.11 are:
    * Closed an XSS problem in index.php and improved protection against
      phishing attempts.

The full list of changes (from version 3.0.11) can be viewed here:

http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.167.2.22&r2=1.515.2.167.2.24&ty=h

The Horde 3.0.12 distribution is available from the following locations:

    ftp://ftp.horde.org/pub/horde/horde-3.0.12.tar.gz
    http://ftp.horde.org/pub/horde/horde-3.0.12.tar.gz

Patches against version 3.0.11 are available at:

    ftp://ftp.horde.org/pub/horde/patches/patch-horde-3.0.11-3.0.12.gz
    http://ftp.horde.org/pub/horde/patches/patch-horde-3.0.11-3.0.12.gz

Or, for quicker access, download from your nearest mirror:

    http://www.horde.org/mirrors.php

MD5 sums for the packages are as follows:

    MD5 (horde-3.0.12.tar.gz) = 83e21b9c6f90c02e7ecff1f442cf6813
    MD5 (patch-horde-3.0.11-3.0.12.gz) = 6426dec4f3f8d8f8a0a780507fb3c7f8

Have fun!

The Horde Team.


More information about the announce mailing list