[announce] [SECURITY] Horde Groupware 5.2.4 (final)
Jan Schneider
jan at horde.org
Wed Dec 3 16:50:33 UTC 2014
The Horde Team is pleased to announce the final release of the Horde Groupware
version 5.2.4.
Horde Groupware is a free, enterprise ready, browser based collaboration
suite. Users can manage and share calendars, contacts, tasks, notes,
files, and
bookmarks with the standards compliant components from the Horde Project.
For upgrading instructions, please see
http://www.horde.org/apps/groupware/docs/UPGRADING
For detailed installation and configuration instructions, please see
http://www.horde.org/apps/groupware/docs/INSTALL
The major changes compared to the Horde Groupware version 5.2.3 are:
General changes:
* Small bugfixes and improvements.
Calendar changes:
* Fixed disclosure of private events in daily agenda.
* Fixed adding and updating events via CalDAV.
* Fixed incomplete month views.
Notes changes:
* Fixed permission check when editing notes. Mitigation: the
attacker needs
to know the note's (random) URL to exploit this flaw.
* Small API improvement.
Thanks to Christopher Neuhaus for reporting the security issue in the note
manager.
The full list of changes can be viewed here:
https://github.com/horde/horde/blob/72b777a045a1c1e43491abbce1d1727ef3d52e40/bundles/groupware/docs/CHANGES
Have fun!
The Horde Team.
More information about the announce
mailing list