[announce] Horde Groupware Webmail Edition 1.2.2 (final)

Jan Schneider jan at horde.org
Wed Jan 28 17:42:13 UTC 2009

The Horde Team is pleased to announce the final release of the Horde Groupware
Webmail Edition version 1.2.2.

This is a minor security release that fixes unescaped output in the tag cloud
search script, validates the Horde_Image driver name to prevent a possible
local file inclusion vulnerability, and fixes unescaped output in several
webmail scripts. All users are encouraged to upgrade to this release. Thanks
to Gunnar Wrobel for finding these issues in a code audit.

Horde Groupware Webmail Edition is a free, enterprise ready, browser based
communication suite. Users can read, send and organize email messages with
three different webmail interfaces and manage and share calendars, contacts,
tasks and notes with the standards compliant components from the Horde

The major changes compared to the Horde Groupware Webmail Edition  
version 1.2.1
     * Fixed unescaped output in the tag cloud block.
     * Fixed unvalidated Horde_Image driver name.
     * Fixed unescaped output in message.php, pgp.php and smime.php.
     * Fixed problems with SQL Shares and PostgreSQL.
     * Added support for Mozilla Sunbird snooze properties.
     * Several bugfixes and minor improvements in Mail component.

The full list of changes (from version 1.2.1) can be viewed here:


The Horde Groupware Webmail Edition 1.2.2 distribution is available  
from the following locations:


Patches against version 1.2.1 are available at:


NOTE: Patches do not contain differences between files containing binary data.
These files will need to be updated via the distribution files.

Or, for quicker access, download from your nearest mirror:


MD5 sums for the packages are as follows:

     de21e0e119b950675f73c4961985d70a  horde-webmail-1.2.2.tar.gz
     14c076bd7b1a4ff883302d06dc39e4c8  patch-horde-webmail-1.2.1-1.2.2.gz

Have fun!

The Horde Team.

More information about the announce mailing list