[announce] [SECURITY] Horde 5.2.22 (final)
Jan Schneider
jan at horde.org
Mon Apr 20 21:32:15 UTC 2020
The Horde Team is pleased to announce the final release of the Horde
Application Framework version 5.2.22.
The Horde Application Framework is a flexible, modular, general-purpose web
application framework written in PHP. It provides an extensive array of
components that are targeted at the common problems and tasks involved in
developing modern web applications. It is the basis for a large number of
production-level web applications, notably the Horde Groupware suites.
For more
information on Horde or the Horde Groupware suites, visit
http://www.horde.org.
For upgrading instructions, please see
http://www.horde.org/apps/horde/docs/UPGRADING
For detailed installation and configuration instructions, please see
http://www.horde.org/apps/horde/docs/INSTALL
Thanks to polict of Shielder for reporting the SVG image vulnerabiltiy.
The major changes compared to the Horde version 5.2.21 are:
* Fixed XSS vulnerabilities in the administration interface.
* Protected image processing service from rendering active SVG content
within the browser.
* Improved detection of outdated configuration files.
* Added Redis Sentinel configuration.
The full list of changes can be viewed here:
https://github.com/horde/base/blob/c00f2fdb222055fb2ccb6d53b5b5240c0a7d2a75/docs/CHANGES
Have fun!
The Horde Team.
More information about the announce
mailing list