Hi, For debian sarge there was a security advisory 1099-1 for horde 2 (fix for cross-site scripting) 14.6 http://www.debian.org/security/2006/dsa-1099 From the documentation I got the impression that some of the patches ar from horde 3. So, is horde 2.2.9 safe, or is the only alternative to update to horde 3? - ulf pensar