[announce] Horde Groupware 1.0.1 (final)

Jan Schneider jan at horde.org
Fri Mar 16 19:06:52 UTC 2007


The Horde Team is pleased to announce the final release of the Horde Groupware
version 1.0.1.

This is a bugfix release that also fixes an arbitrary file deletion
vulnerability exploitable by local system (not Horde) users on systems using
the example cron cleanup script, and an XSS vulnerability in the language
selection.

Many thanks to the iDefense Vulnerability Contributor Program for reporting
the file deletion problem and working with us to test the fixes.

Horde Groupware is a free, enterprise ready, browser based collaboration
suite. Users can manage and share calendars, contacts, tasks and notes with the
standards compliant components from the Horde Project.

Major changes compared to Horde Groupware 1.0 are:
    * Correctly quote file names in cleanup script for temporary files.
    * Fixed an XSS vulnerability in the language selection.
    * Rewritten Oracle session handler.
    * Added vTimezone support to iCalendar API and ORG support to vCard API.
    * Improved virtual domain support for Cyrus SQL authentication driver.
    * Improved Samba authentication driver.
    * Improved automatic webroot detection.
    * Improved signature dimming.
    * Improved compatibility of generated ZIP files.
    * Improved calendar support for non-ascii character sets.
    * Improved vCard support.
    * Lots of small fixes and improvements.
    * Updated Brazilian Portuguese, Catalan, Dutch, Finnish, French, German,
      Portuguese and Traditional Chinese translations.

The full list of changes (from version 1.0) can be viewed here:

http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.12&r2=1.16&ty=h

The Horde Groupware 1.0.1 distribution is available from the following locations:

    ftp://ftp.horde.org/pub/horde-groupware/horde-groupware-1.0.1.tar.gz
    http://ftp.horde.org/pub/horde-groupware/horde-groupware-1.0.1.tar.gz

Patches against version 1.0 are available at:

    ftp://ftp.horde.org/pub/horde-groupware/patches/patch-horde-groupware-1.0-1.0.1.gz
    http://ftp.horde.org/pub/horde-groupware/patches/patch-horde-groupware-1.0-1.0.1.gz

Or, for quicker access, download from your nearest mirror:

    http://www.horde.org/mirrors.php

MD5 sums for the packages are as follows:

    e5e56a812baddab5bb64d095edc0c945  horde-groupware-1.0.1.tar.gz
    5b4156e32c041ca2a68797a04e67b2d1  patch-horde-groupware-1.0-1.0.1.gz

Have fun!

The Horde Team.


More information about the announce mailing list