[announce] IMP H4 (5.0.22) (final)
Jan Schneider
jan at horde.org
Tue Jun 26 11:31:53 UTC 2012
The Horde Team is pleased to announce the final release of the Internet Mail
Program (IMP) version H4 (5.0.22).
Thanks to Mike Cardwell (https://grepular.com/) for reporting the SVG
vulnerability.
IMP, the Internet Mail Program, is one of the most popular and widely deployed
open source webmail applications in the world. It allows universal, web-based
access to IMAP and POP3 mail servers and provides Ajax, mobile and traditional
interfaces with a rich range of features normally found only in desktop email
clients. For more information on IMP, visit http://www.horde.org/apps/imp.
The major changes compared to the IMP version H4 (5.0.21) are:
* Only display basic image attachments in the browser to avoid XSS
vulnerabilities triggered by opening malicious SVG attachments.
* Re-added option to report messages as spam/ham through redirection.
* Updated Swedish and Turkish translations.
The full list of changes can be viewed here:
https://github.com/horde/horde/blob/4764bca74481622b39dd1d9b81d62882128255b3/imp/docs/CHANGES
Have fun!
The Horde Team.
More information about the announce
mailing list