[horde] Horde 3.1.4 (final)

edwardspl at ita.org.mo edwardspl at ita.org.mo
Wed Mar 21 17:41:49 UTC 2007 

Jan Schneider wrote:

>The Horde Team is pleased to announce the final release of the Horde
>Application Framework version 3.1.4.
>
>This is a bugfix release that also fixes an arbitrary file deletion
>vulnerability exploitable by local system (not Horde) users on systems using
>the example cron cleanup script.
>
>Many thanks to the iDefense Vulnerability Contributor Program for reporting
>these problems and working with us to test the fixes.
>
>The Horde Application Framework is a modular, general-purpose web application
>framework written in PHP. It provides an extensive array of libraries that are
>targeted at the common problems and tasks involved in developing modern web
>applications.
>
>Major changes compared to Horde 3.1.4-RC1 are:
>    * Correctly quote file names in cleanup script for temporary files.
>    * Detect unencrypted PGP messages.
>
>Major changes compared to Horde 3.1.3 are:
>    * Rewritten Oracle session handler.
>    * Added vTimezone support to iCalendar API and ORG support to vCard API.
>    * Improved virtual domain support for Cyrus SQL authentication driver.
>    * Improved Samba authentication driver.
>    * Improved automatic webroot detection.
>    * Improved signature dimming.
>    * Improved compatibility of generated ZIP files.
>    * Fixed an XSS vulnerability in the language selection.
>    * Fixed validation of some email distribution lists.
>    * Several Kolab related fixes.
>    * Lots of small fixes and improvements.
>    * Updated Brazilian Portuguese, Catalan, Dutch, French, German, Portuguese
>      and Traditional Chinese translations.
>
>The full list of changes (from version 3.1.3) can be viewed here:
>
>http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.261&r2=1.515.2.298&ty=h
>
>The Horde 3.1.4 distribution is available from the following locations:
>
>    ftp://ftp.horde.org/pub/horde/horde-3.1.4.tar.gz
>    http://ftp.horde.org/pub/horde/horde-3.1.4.tar.gz
>
>Patches against version 3.1.3 are available at:
>
>    ftp://ftp.horde.org/pub/horde/patches/patch-horde-3.1.3-3.1.4.gz
>    http://ftp.horde.org/pub/horde/patches/patch-horde-3.1.3-3.1.4.gz
>
>Or, for quicker access, download from your nearest mirror:
>
>    http://www.horde.org/mirrors.php
>
>MD5 sums for the packages are as follows:
>
>    90bb96e810f165c2a853175303bd2dbb  horde-3.1.4.tar.gz
>    0402ccebe048b210d887cc4e67c47f64  patch-horde-3.1.3-3.1.4.gz
>
>Have fun!
>
>The Horde Team.
>  
>
Hello,

Just found out the problem :

Warning: include_once(Log.php) [function.include-once]: failed to open 
stream: No such file or directory in 
/home/itawm/html/horde/lib/Horde.php on line 3

Warning: include_once() [function.include]: Failed opening 'Log.php' for 
inclusion 
(include_path='/home/itawm/html/horde/lib:.:/usr/share/pear:/usr/share/php') 
in /home/itawm/html/horde/lib/Horde.php on line 3

Edward.

More information about the horde mailing list