[announce] [SECURITY] Horde 5.2.22 (final)

Jan Schneider jan at horde.org
Mon Apr 20 21:32:15 UTC 2020


The Horde Team is pleased to announce the final release of the Horde
Application Framework version 5.2.22.

The Horde Application Framework is a flexible, modular, general-purpose web
application framework written in PHP. It provides an extensive array of
components that are targeted at the common problems and tasks involved in
developing modern web applications. It is the basis for a large number of
production-level web applications, notably the Horde Groupware suites.  
For more
information on Horde or the Horde Groupware suites, visit  
http://www.horde.org.

For upgrading instructions, please see
http://www.horde.org/apps/horde/docs/UPGRADING

For detailed installation and configuration instructions, please see
http://www.horde.org/apps/horde/docs/INSTALL

Thanks to polict of Shielder for reporting the SVG image vulnerabiltiy.

The major changes compared to the Horde version 5.2.21 are:
     * Fixed XSS vulnerabilities in the administration interface.
     * Protected image processing service from rendering active SVG content
       within the browser.
     * Improved detection of outdated configuration files.
     * Added Redis Sentinel configuration.

The full list of changes can be viewed here:

https://github.com/horde/base/blob/c00f2fdb222055fb2ccb6d53b5b5240c0a7d2a75/docs/CHANGES

Have fun!

The Horde Team.


More information about the announce mailing list