[announce] [SECURITY] Horde Groupware 5.2.4 (final)

Jan Schneider jan at horde.org
Wed Dec 3 16:50:33 UTC 2014

The Horde Team is pleased to announce the final release of the Horde Groupware
version 5.2.4.

Horde Groupware is a free, enterprise ready, browser based collaboration
suite. Users can manage and share calendars, contacts, tasks, notes,  
files, and
bookmarks with the standards compliant components from the Horde Project.

For upgrading instructions, please see

For detailed installation and configuration instructions, please see

The major changes compared to the Horde Groupware version 5.2.3 are:

General changes:
     * Small bugfixes and improvements.

Calendar changes:
     * Fixed disclosure of private events in daily agenda.
     * Fixed adding and updating events via CalDAV.
     * Fixed incomplete month views.

Notes changes:
     * Fixed permission check when editing notes. Mitigation: the  
attacker needs
       to know the note's (random) URL to exploit this flaw.
     * Small API improvement.

Thanks to Christopher Neuhaus for reporting the security issue in the note

The full list of changes can be viewed here:


Have fun!

The Horde Team.

More information about the announce mailing list