[announce] Horde Groupware Webmail Edition 1.1.5 (final)

Jan Schneider jan at horde.org
Wed Jan 28 15:56:07 UTC 2009

The Horde Team is pleased to announce the final release of the Horde Groupware
Webmail Edition version 1.1.5.

This is a minor security release that fixes unescaped output in the tag cloud
search script, validates the Horde_Image driver name to prevent a possible
local file inclusion vulnerability, and fixes unescaped output in several
webmail scripts. All users are encouraged to upgrade to this release. Thanks
to Gunnar Wrobel for finding these issues in a code audit.

Horde Groupware Webmail Edition is a free, enterprise ready, browser based
communication suite. Users can read, send and organize email messages with
three different webmail interfaces and manage and share calendars, contacts,
tasks and notes with the standards compliant components from the Horde

The major changes compared to the Horde Groupware Webmail Edition  
version 1.1.4
     * Fixed unescaped output in the tag cloud block.
     * Fixed unvalidated Horde_Image driver name.
     * Fixed unescaped output in message.php, pgp.php and smime.php.

The full list of changes (from version 1.1.4) can be viewed here:


The Horde Groupware Webmail Edition 1.1.5 distribution is available  
from the following locations:


Patches against version 1.1.4 are available at:


Or, for quicker access, download from your nearest mirror:


MD5 sums for the packages are as follows:

     2e1e151284d06267b69fbe04f5bc21de  horde-webmail-1.1.5.tar.gz
     6473f4e70de945c609ab79adf2e6caab  patch-horde-webmail-1.1.4-1.1.5.gz

Have fun!

The Horde Team.

More information about the announce mailing list