[announce] Horde Groupware Webmail Edition 1.0.4 (final)

Jan Schneider jan at horde.org
Thu Jan 10 00:22:02 UTC 2008


The Horde Team is pleased to announce the final release of the Horde Groupware
Webmail Edition version 1.0.4.

This is a bugfix release that also improves XSS (cross site scripting)
filters, used for example in HTML message viewers, and fixes privilege
escalations in the Horde API and missing ownership validation in the share
management. All users are encouraged to upgrade to this version.

Many thanks to Secunia for reporting an XSS vulnerability (CVE-2007-6018) and
working with us to test the fixes.

Horde Groupware Webmail Edition is a free, enterprise ready, browser based
communication suite. Users can read, send and organize email messages and
manage and share calendars, contacts, tasks and notes with the standards
compliant components from the Horde Project.

Major changes compared to Horde Groupware Webmail Edition 1.0.3 are:
    * Fixed privilege escalation in the Horde API.
    * Fixed missing ownership validation on share changes.
    * Improved XSS filtering.
    * Fixed locked portal blocks.
    * Further improved webroot detection.
    * Improved sieve forward rules.
    * Updated Finnish, Japanese, Polish, Portuguese, Simplified Chinese,
      Spanish, and Traditional Chinese translations.
    * Small bugfixes and improvements.

The full list of changes (from version 1.0.3) can be viewed here:

http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12&r2=1.12.2.1&ty=h

The Horde Groupware Webmail Edition 1.0.4 distribution is available from the following locations:

    ftp://ftp.horde.org/pub/horde-webmail/horde-webmail-1.0.4.tar.gz
    http://ftp.horde.org/pub/horde-webmail/horde-webmail-1.0.4.tar.gz

Patches against version 1.0.3 are available at:

    ftp://ftp.horde.org/pub/horde-webmail/patches/patch-horde-webmail-1.0.3-1.0.4.gz
    http://ftp.horde.org/pub/horde-webmail/patches/patch-horde-webmail-1.0.3-1.0.4.gz

Or, for quicker access, download from your nearest mirror:

    http://www.horde.org/mirrors.php

MD5 sums for the packages are as follows:

    161b3ce0c6118469b483a63fb86079af  horde-webmail-1.0.4.tar.gz
    d5bce7a66b6575bb205dbfa460507ab3  patch-horde-webmail-1.0.3-1.0.4.gz

Have fun!

The Horde Team.


More information about the announce mailing list