[announce] [SECURITY] Mnemo H5 (4.2.3) (final)
Jan Schneider
jan at horde.org
Wed Dec 3 16:35:26 UTC 2014
The Horde Team is pleased to announce the final release of the Mnemo Note
Manager version H5 (4.2.3).
The Mnemo Note Manager is the Horde notes/memos application. It allows
users to
keep web-based notes and freeform text. Notes may be shared with other users
via shared notepads. It requires the Horde Application Framework and an SQL
database or Kolab server for backend storage. For more information on Mnemo,
visit http://www.horde.org/apps/mnemo.
For upgrading instructions, please see
http://www.horde.org/apps/nag/docs/UPGRADING
For detailed installation and configuration instructions, please see
http://www.horde.org/apps/nag/docs/INSTALL
The major changes compared to the Mnemo version H5 (4.2.2) are:
* Fixed permission check when editing notes. Mitigation: the
attacker needs
to know the note's (random) URL to exploit this flaw.
* Small API improvement.
Thanks to Christopher Neuhaus for reporting the security issue.
The full list of changes can be viewed here:
https://github.com/horde/horde/blob/202df898265c94b629518170943650c689f60211/mnemo/docs/CHANGES
Have fun!
The Horde Team.
More information about the announce
mailing list