[announce] Horde 3.2.1 (final)
chuck at horde.org
Fri Jun 13 22:16:13 UTC 2008
The Horde Team is pleased to announce the final release of the Horde
Application Framework version 3.2.1.
This is a security release that fixes unescaped output in the object
browser. The hole is only exploitable by authenticated users.
The Horde Application Framework is a modular, general-purpose web application
framework written in PHP. It provides an extensive array of classes that are
targeted at the common problems and tasks involved in developing modern web
The major changes compared to the Horde version H3 (3.2.1) are:
* Escape item names in the object browser.
* Select db before queries in MySQL SessionHandler.
* Format messages sent through MIME_Mail in flowed text format.
* Fixes for SQL shares with split read/write databases, and
various fixes for
* Workaround broken IE behavior when downloading files with 8-bit
* Fix storing of unlocked preferences set by hooks.
* Allow Horde memcache driver to use UNIX sockets.
* Fix parsing of addresses in headers when the RFC 2047-encoded personal
part of the address contains address list delimiters.
* Fix generation of unique keys in configuration for machines too fast for
* Added group driver for Kolab.
* Added IMAP based preferences driver for Kolab.
* Fix missing timestamp variable in Horde SQL cache driver.
* Fix over-zealous preference caching when preferences are requested for a
* Fix issue in Horde_Image that caused errors when performing
operations immediately after an image had been cropped when using the
The full list of changes (from version 3.2) can be viewed here:
The Horde 3.2.1 distribution is available from the following locations:
Patches against version 3.2 are available at:
Or, for quicker access, download from your nearest mirror:
MD5 sums for the packages are as follows:
The Horde Team.
More information about the announce