[announce] Horde 3.2.1 (final)
Chuck Hagenbuch
chuck at horde.org
Fri Jun 13 22:16:13 UTC 2008
The Horde Team is pleased to announce the final release of the Horde
Application Framework version 3.2.1.
This is a security release that fixes unescaped output in the object
browser. The hole is only exploitable by authenticated users.
The Horde Application Framework is a modular, general-purpose web application
framework written in PHP. It provides an extensive array of classes that are
targeted at the common problems and tasks involved in developing modern web
applications.
The major changes compared to the Horde version H3 (3.2.1) are:
* Escape item names in the object browser.
* Select db before queries in MySQL SessionHandler.
* Format messages sent through MIME_Mail in flowed text format.
* Fixes for SQL shares with split read/write databases, and
various fixes for
hierarchical shares.
* Workaround broken IE behavior when downloading files with 8-bit
filenames.
* Fix storing of unlocked preferences set by hooks.
* Allow Horde memcache driver to use UNIX sockets.
* Fix parsing of addresses in headers when the RFC 2047-encoded personal
part of the address contains address list delimiters.
* Fix generation of unique keys in configuration for machines too fast for
microtime().
* Added group driver for Kolab.
* Added IMAP based preferences driver for Kolab.
* Fix missing timestamp variable in Horde SQL cache driver.
* Fix over-zealous preference caching when preferences are requested for a
different user.
* Fix issue in Horde_Image that caused errors when performing
certain image
operations immediately after an image had been cropped when using the
ImageMagick driver.
The full list of changes (from version 3.2) can be viewed here:
http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.392&r2=1.515.2.413&ty=h
The Horde 3.2.1 distribution is available from the following locations:
ftp://ftp.horde.org/pub/horde/horde-3.2.1.tar.gz
http://ftp.horde.org/pub/horde/horde-3.2.1.tar.gz
Patches against version 3.2 are available at:
ftp://ftp.horde.org/pub/horde/patches/patch-horde-3.2-3.2.1.gz
http://ftp.horde.org/pub/horde/patches/patch-horde-3.2-3.2.1.gz
Or, for quicker access, download from your nearest mirror:
http://www.horde.org/mirrors.php
MD5 sums for the packages are as follows:
61f483867548004e539b54d04973292b horde-3.2.1.tar.gz
04d5a6578f0f13fc245461b37e1ab479 patch-horde-3.2-3.2.1.gz
Have fun!
The Horde Team.
More information about the announce
mailing list