[announce] [SECURITY] Turba H5 (4.2.26) (final)

Jan Schneider jan at horde.org
Mon Jun 6 22:59:25 UTC 2022


The Horde Team is pleased to announce the final release of the Turba Contact
Manager version H5 (4.2.26).

Turba is the Horde contact management application. Leveraging the Horde
framework to provide seamless integration with IMP and other Horde
applications, it supports contacts in SQL, LDAP, Kolab, IMSP, and Facebook
address books, and works as a CardDAV server. For more information on Turba,
visit http://www.horde.org/apps/turba.

A remote code execution vulnerability has been reported by Simon Scannell
from SonarSource. You can find the full report at
https://blog.sonarsource.com/horde-webmail-rce-via-email/

For upgrading instructions, please see
http://www.horde.org/apps/turba/docs/UPGRADING

For detailed installation and configuration instructions, please see
http://www.horde.org/apps/turba/docs/INSTALL

The major changes compared to the Turba version H5 (4.2.25) are:
     * Fixed RCE vulnerability (CVE-2022-30287).
     * Small bug fixes.

The full list of changes can be viewed here:

https://github.com/horde/turba/blob/862f91150076bec5c5ba3b0de5df78c55f2b3391/docs/CHANGES

Have fun!

The Horde Team.

