[announce] Horde 3.2.1 (final)

Chuck Hagenbuch chuck at horde.org
Fri Jun 13 22:16:13 UTC 2008


The Horde Team is pleased to announce the final release of the Horde
Application Framework version 3.2.1.

This is a security release that fixes unescaped output in the object
browser. The hole is only exploitable by authenticated users.

The Horde Application Framework is a modular, general-purpose web application
framework written in PHP.  It provides an extensive array of classes that are
targeted at the common problems and tasks involved in developing modern web
applications.

The major changes compared to the Horde version H3 (3.2.1) are:
     * Escape item names in the object browser.
     * Select db before queries in MySQL SessionHandler.
     * Format messages sent through MIME_Mail in flowed text format.
     * Fixes for SQL shares with split read/write databases, and  
various fixes for
       hierarchical shares.
     * Workaround broken IE behavior when downloading files with 8-bit  
filenames.
     * Fix storing of unlocked preferences set by hooks.
     * Allow Horde memcache driver to use UNIX sockets.
     * Fix parsing of addresses in headers when the RFC 2047-encoded personal
       part of the address contains address list delimiters.
     * Fix generation of unique keys in configuration for machines too fast for
       microtime().
     * Added group driver for Kolab.
     * Added IMAP based preferences driver for Kolab.
     * Fix missing timestamp variable in Horde SQL cache driver.
     * Fix over-zealous preference caching when preferences are requested for a
       different user.
     * Fix issue in Horde_Image that caused errors when performing  
certain image
       operations immediately after an image had been cropped when using the
       ImageMagick driver.

The full list of changes (from version 3.2) can be viewed here:

http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.392&r2=1.515.2.413&ty=h

The Horde 3.2.1 distribution is available from the following locations:

     ftp://ftp.horde.org/pub/horde/horde-3.2.1.tar.gz
     http://ftp.horde.org/pub/horde/horde-3.2.1.tar.gz

Patches against version 3.2 are available at:

     ftp://ftp.horde.org/pub/horde/patches/patch-horde-3.2-3.2.1.gz
     http://ftp.horde.org/pub/horde/patches/patch-horde-3.2-3.2.1.gz

Or, for quicker access, download from your nearest mirror:

     http://www.horde.org/mirrors.php

MD5 sums for the packages are as follows:

     61f483867548004e539b54d04973292b  horde-3.2.1.tar.gz
     04d5a6578f0f13fc245461b37e1ab479  patch-horde-3.2-3.2.1.gz

Have fun!

The Horde Team.


More information about the announce mailing list