[announce] Horde 3.1.9 (final)

Jan Schneider jan at horde.org
Wed Sep 10 09:22:47 UTC 2008

The Horde Team is pleased to announce the final release of the Horde
Application Framework version 3.1.9.

This is a security release that further improves the XSS filter for HTML
messages (CVE-2008-3824). All users are encouraged to upgrade to this version.

Many thanks to Alexios Fakos for detecting this vulnerability, and oCERT for
notifying us.

The Horde Application Framework is a modular, general-purpose web application
framework written in PHP. It provides an extensive array of libraries that are
targeted at the common problems and tasks involved in developing modern web

Major changes compared to Horde 3.1.8 are:
     * Further improved the XSS filter for HTML.

The full list of changes (from version 3.1.8) can be viewed here:


The Horde 3.1.9 distribution is available from the following locations:


Patches against version 3.1.8 are available at:


NOTE: Patches do not contain differences between files containing binary data.
These files will need to be updated via the distribution files.

Or, for quicker access, download from your nearest mirror:


MD5 sums for the packages are as follows:

     287e55e75c99a8eb58f1895fd9cbc546  horde-3.1.9.tar.gz
     1b69d9586666bddc831a0ff983cdd7f4  patch-horde-3.1.8-3.1.9.gz

Have fun!

The Horde Team.

More information about the announce mailing list