[announce] Horde 3.3.6 (final)

Jan Schneider jan at horde.org
Tue Dec 15 18:24:01 UTC 2009

The Horde Team is pleased to announce the final release of the Horde
Application Framework version 3.3.6.

This is a bugfix release that also fixes an XSS vulnerability in the
administration interface and improves the XSS filter to work around an XSS
vulnerability in Firefox browsers.

Thanks to Juan Galiana Lara and Daniel Fernández Bleda from Internet Security
Auditors for finding the XSS vulnerability in the administration interface.

The Horde Application Framework is a modular, general-purpose web application
framework written in PHP.  It provides an extensive array of classes that are
targeted at the common problems and tasks involved in developing modern web

The major changes compared to Horde version 3.3.5 are:
     * Fixed XSS vulnerability in administrator scripts.
     * Improved XSS filter for HTML messages.
     * Several synchronization improvements.
     * Improved Oracle and MSSQL compatibility.
     * Fixed access keys on Mac browsers.
     * Fixed "white screen" issue with Internet Explorer.
     * Added Croatian translation.
     * Multiple other small bug fixes and improvements.

The full list of changes (from version 3.3.5) can be viewed here:


The Horde 3.3.6 distribution is available from the following locations:


Patches against version 3.3.5 are available at:


Or, for quicker access, download from your nearest mirror:


MD5 sums for the packages are as follows:

     ab810c465f15e774f7fd6e4c761fa7b8  horde-3.3.6.tar.gz
     08a8bcf1a9c114cf8d88085dfc73d2b1  patch-horde-3.3.5-3.3.6.gz

Have fun!

The Horde Team.

More information about the announce mailing list