[announce] Horde 3.3.6 (final)
jan at horde.org
Tue Dec 15 18:24:01 UTC 2009
The Horde Team is pleased to announce the final release of the Horde
Application Framework version 3.3.6.
This is a bugfix release that also fixes an XSS vulnerability in the
administration interface and improves the XSS filter to work around an XSS
vulnerability in Firefox browsers.
Thanks to Juan Galiana Lara and Daniel FernÃ¡ndez Bleda from Internet Security
Auditors for finding the XSS vulnerability in the administration interface.
The Horde Application Framework is a modular, general-purpose web application
framework written in PHP. It provides an extensive array of classes that are
targeted at the common problems and tasks involved in developing modern web
The major changes compared to Horde version 3.3.5 are:
* Fixed XSS vulnerability in administrator scripts.
* Improved XSS filter for HTML messages.
* Several synchronization improvements.
* Improved Oracle and MSSQL compatibility.
* Fixed access keys on Mac browsers.
* Fixed "white screen" issue with Internet Explorer.
* Added Croatian translation.
* Multiple other small bug fixes and improvements.
The full list of changes (from version 3.3.5) can be viewed here:
The Horde 3.3.6 distribution is available from the following locations:
Patches against version 3.3.5 are available at:
Or, for quicker access, download from your nearest mirror:
MD5 sums for the packages are as follows:
The Horde Team.
More information about the announce