[announce] IMP H4 (5.0.22) (final)

Jan Schneider jan at horde.org
Tue Jun 26 11:31:53 UTC 2012


The Horde Team is pleased to announce the final release of the Internet Mail
Program (IMP) version H4 (5.0.22).

Thanks to Mike Cardwell (https://grepular.com/) for reporting the SVG
vulnerability.

IMP, the Internet Mail Program, is one of the most popular and widely deployed
open source webmail applications in the world. It allows universal, web-based
access to IMAP and POP3 mail servers and provides Ajax, mobile and traditional
interfaces with a rich range of features normally found only in desktop email
clients. For more information on IMP, visit http://www.horde.org/apps/imp.

The major changes compared to the IMP version H4 (5.0.21) are:
     * Only display basic image attachments in the browser to avoid XSS
       vulnerabilities triggered by opening malicious SVG attachments.
     * Re-added option to report messages as spam/ham through redirection.
     * Updated Swedish and Turkish translations.

The full list of changes can be viewed here:

https://github.com/horde/horde/blob/4764bca74481622b39dd1d9b81d62882128255b3/imp/docs/CHANGES

Have fun!

The Horde Team.


More information about the announce mailing list