[announce] [SECURITY] Horde Groupware 5.2.4 (final)

Jan Schneider jan at horde.org
Wed Dec 3 16:50:33 UTC 2014


The Horde Team is pleased to announce the final release of the Horde Groupware
version 5.2.4.

Horde Groupware is a free, enterprise ready, browser based collaboration
suite. Users can manage and share calendars, contacts, tasks, notes,  
files, and
bookmarks with the standards compliant components from the Horde Project.

For upgrading instructions, please see
http://www.horde.org/apps/groupware/docs/UPGRADING

For detailed installation and configuration instructions, please see
http://www.horde.org/apps/groupware/docs/INSTALL

The major changes compared to the Horde Groupware version 5.2.3 are:

General changes:
     * Small bugfixes and improvements.

Calendar changes:
     * Fixed disclosure of private events in daily agenda.
     * Fixed adding and updating events via CalDAV.
     * Fixed incomplete month views.

Notes changes:
     * Fixed permission check when editing notes. Mitigation: the  
attacker needs
       to know the note's (random) URL to exploit this flaw.
     * Small API improvement.

Thanks to Christopher Neuhaus for reporting the security issue in the note
manager.

The full list of changes can be viewed here:

https://github.com/horde/horde/blob/72b777a045a1c1e43491abbce1d1727ef3d52e40/bundles/groupware/docs/CHANGES

Have fun!

The Horde Team.


More information about the announce mailing list