[announce] [SECURITY] Kronolith H3 (2.0.7) (final)

Jan Schneider jan at horde.org
Wed Nov 29 03:50:52 PST 2006


The Horde Team is pleased to announce the final release of the Kronolith
Calendar Application version H3 (2.0.7).

This is a security release. All users are strongly advised to upgrade as soon
as possible. Thanks to iDefense for the vulnerability report.

Kronolith is the Horde calendar application.  It provides web-based calendars
backed by a SQL database, the MCAL library, or a Kolab server.  Supported
features include shared calendars, remote calendars, meeting management,
alarms, recurring events, and a sophisticated day/week view which handles
arbitrary numbers of overlapping events.

Major changes compared to the Kronolith version H3 (2.0.6) are:
    * Close arbitrary file inclusion in free/busy views.

The full list of changes (from version H3 (2.0.6)) can be viewed here:

http://cvs.horde.org/diff.php/kronolith/docs/CHANGES?r1=1.165.2.69.2.5&r2=1.165.2.69.2.7&ty=h

The Kronolith H3 (2.0.7) distribution is available from the following locations:

    ftp://ftp.horde.org/pub/kronolith/kronolith-h3-2.0.7.tar.gz
    http://ftp.horde.org/pub/kronolith/kronolith-h3-2.0.7.tar.gz

Patches against version H3 (2.0.6) are available at:

    ftp://ftp.horde.org/pub/kronolith/patches/patch-kronolith-h3-2.0.6-h3-2.0.7.gz
    http://ftp.horde.org/pub/kronolith/patches/patch-kronolith-h3-2.0.6-h3-2.0.7.gz

Or, for quicker access, download from your nearest mirror:

    http://www.horde.org/mirrors.php

MD5 sums for the packages are as follows:

    83461e8e9bee92a4417b46aeb52a85db  kronolith-h3-2.0.7.tar.gz
    6808bba984f084b7d4b2dfee9b5ac195  patch-kronolith-h3-2.0.6-h3-2.0.7.gz

Have fun!

The Horde Team.


More information about the announce mailing list