[horde] Horde 3.1.7 (final)

Chuck Hagenbuch chuck at horde.org
Fri Mar 7 23:05:22 UTC 2008


The Horde Team is pleased to announce the final release of the Horde
Application Framework version 3.1.7.

This is a security release that closes a file inclusion vulnerability
through abuse of the theme preference.

The Horde Application Framework is a modular, general-purpose web application
framework written in PHP. It provides an extensive array of libraries that are
targeted at the common problems and tasks involved in developing modern web
applications.

Major changes compared to Horde 3.1.6 are:
    * Fix arbitrary file inclusion through abuse of the theme preference.

The full list of changes (from version 3.1.6) can be viewed here:

http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.312.2.2&r2=1.515.2.312.2.5&ty=h

The Horde 3.1.7 distribution is available from the following locations:

    ftp://ftp.horde.org/pub/horde/horde-3.1.7.tar.gz
    http://ftp.horde.org/pub/horde/horde-3.1.7.tar.gz

Patches against version 3.1.6 are available at:

    ftp://ftp.horde.org/pub/horde/patches/patch-horde-3.1.6-3.1.7.gz
    http://ftp.horde.org/pub/horde/patches/patch-horde-3.1.6-3.1.7.gz

Or, for quicker access, download from your nearest mirror:

    http://www.horde.org/mirrors.php

MD5 sums for the packages are as follows:

    c0e693f88d95e395671abbff2ab6df53  horde-3.1.7.tar.gz
    a0478555b12473a692010416e66a50a5  patch-horde-3.1.6-3.1.7.gz

Have fun!

The Horde Team.


More information about the horde mailing list